A superficially simple stateful ipfw configuration?
Victor Sudakov
vas at mpeks.tomsk.su
Sat Jan 10 09:55:10 UTC 2015
Colleagues,
Has anyone been able to emulate the logic of Cisco PIX with ipfw?
Like, there are 3 interfaces: Inside, Outside and DMZ. You assign
security levels to the interfaces (Outside=0, DMZ=50, Inside=100) and
the traffic can be initiated only from the more secure interface to
the less secure one and not vice versa. The check-state traffic can
also return from the less secure interface to the more secure one.
It sounds simple but I have difficulties implementing the logic
with ipfw. Any recipes/macros please?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
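
The security-level policy described in the post, as an added example that is not part of the original message: a shell function that prints ipfw commands allowing new flows only from a higher-level interface to a lower-level one, with replies admitted by check-state. The interface names em0, em1 and em2 and the rule numbers are assumptions; NAT is not covered, and traffic to or from the firewall host itself is left to the final deny.

```shell
#!/bin/sh
# Added example: derive ipfw rules from PIX-style interface security levels.
# Interface names (em0/em1/em2) are assumed; the levels are those in the post.
IFACES="em0:0 em1:50 em2:100"   # name:level -> Outside, DMZ, Inside

gen_rules() {
    n=1000
    # Packets of any flow that already has a dynamic rule pass here, in
    # either direction, so replies can return to the more secure side.
    echo "ipfw add $n check-state"
    n=$((n + 10))
    # Inbound pass: the outgoing interface is not known yet, so only let
    # transit packets continue to the routing decision. Packets addressed
    # to the firewall itself fall through to the final deny.
    echo "ipfw add $n allow ip from any to not me in"
    n=$((n + 10))
    # Outbound pass: a new flow is accepted, and state created, only when
    # it was received on a higher-level interface than the one it leaves on.
    for src in $IFACES; do
        for dst in $IFACES; do
            if [ "${src#*:}" -gt "${dst#*:}" ]; then
                echo "ipfw add $n allow ip from any to any out recv ${src%%:*} xmit ${dst%%:*} keep-state"
                n=$((n + 10))
            fi
        done
    done
    # Everything else, including flows initiated from a lower level.
    echo "ipfw add 65000 deny ip from any to any"
}

gen_rules
```

Adding a fourth interface only needs another `name:level` entry in `IFACES`; interfaces with equal levels get no rule between them.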