Transparent firewall & Dynamic rules

Luigi Rizzo rizzo at iet.unipi.it
Sat Sep 12 13:03:13 UTC 2009


On Sat, Sep 12, 2009 at 03:32:54PM +0800, Cypher Wu wrote:
> I want to build a transparent firewall based on IPFW. For static rules
> this is fine, but for dynamic rules, ipfw uses keepalive packets to
> avoid deleting a dynamic rule when both ends are still alive but don't
> issue any traffic for a long time. But this means the firewall should
> have its own IPs and is not transparent anymore.

Keepalives carry the addresses of the two endpoints;
the firewall is not visible.



More information about the freebsd-ipfw mailing list