ipfw/nated stateful rules example
Jonathan Chen
jonc at chen.org.nz
Tue Jan 20 21:20:03 PST 2004
On Tue, Jan 20, 2004 at 09:18:27PM -0500, fbsd_user wrote:
> Yes you are making it work, but not work
> correctly. In the true security sense, this is un-secure and
> invalidates the whole purpose of using keep-state rules at all. This
> would never be allowed by an real firewall security professional.
I'm curious as to why you'd consider it insecure. How would applying
the keep-state rules on the public IP be anymore secure that using it
on the internal IP? The mechanism works the same regardless. You
haven't provided an case as to why you think it is unsecure.
--
Jonathan Chen <jonc at chen.org.nz>
----------------------------------------------------------------------
Don't worry about avoiding temptation,
as you grow older, it starts avoiding you.
More information about the freebsd-questions
mailing list