nat vs. state
Michael Sierchio
kudzu at tenebras.com
Thu Apr 10 08:39:29 PDT 2003
Earl A. Killian wrote:
> Is it safe to assume packets diverted to NAT are "safe" and don't need
> further checking? In particular, can the use of dynamic/stateful
> rules be skipped for NAT packets? It seems so, because NAT is already
> stateful.
Safe? Define "safe." ;-)
For *dynamic* nat, probably so. For static nat (port/addr redirect)
you'll probably want to have robust rules after diverting to natd.