ipfw or ipf w/stateful behavior

michael michael at nettmail.de
Sun Aug 3 05:42:18 PDT 2003


Hi,

First I must tell you that my English is not the best;
I have learned my English from manpages and documentation.
Please excuse this.

I have set up a box w/FreeBSD 4.7-RELEASE for connecting
to the w3 through a DSL/ATM connection.

Now, I know the stateful handling of firewall rules under Linux
with iptables. Second, I have understood that FreeBSD comes with the
netfilter extensions.

Now I have made all rules with the setup/established or keep-state flags
(ipfw), and my FTP connections are not really stateful. I think
that this behavior is also the same with IRC chat.

Now I want to know what I must do to also get stateful behavior
for these services, w/o opening the high ports on the firewall,
because lately I get portscans from outside over and over,
and I think this is a security reason.

I don't really want to open the high ports on my box.

Is there a chance by using ipf and not ipfw??

I have read the documentation, and I have found no hint
that solves this problem, but I have seen that at first
ipf is much more complex to configure and has more pitfalls
for making mistakes, with the IP packet description language.


Does anyone have any idea how I can solve this problem
w/o opening the high ports??


Thanks for all.

Best regards and have a good and funny time

michael

