IPFW2 in -stable and updating by source upgrade
Martin Horcicka
horcicka at freebsd.cz
Mon Aug 5 11:12:14 CEST 2002
Hi,
Roman Neuhauser (2002-08-05 10:46 +0200):
> > Have a look here for inspiration
> >
> > http://www.freebsd-howto.com/HOWTO/Ipfw-Advanced-Supplement-HOWTO
>
> I have quoted from that article at least once in this thread already, so
> once more:
>
> Normally the rule to allow the packets from local LAN NIC cards to
> pass through the ipfw firewall comes before the divert natd rule, as
> seen in the rc.firewall file. But for advanced stateful rules it has
> to be moved after the divert natd rule and the 'keep-state' option
> has to be used so the dynamic rules table knows about the packet
> activity before they get passed through the rules file the second
> time. Technically this means each packet will have 2 sets of dynamic
> table rules, one set for the private NIC interface and one for the
> public NIC interface. This is a resource waste, decreases
> performance, and is not necessary if the NAT function is done outside
> of ipfw.
>
> and to that I would add that at http://www.freebsd.cz/~michal/ all the
> examples use only setup / established.
I am starting to get a bit lost in how general this discussion is. Couldn't we
get to a more concrete level? For instance, one of the IPFW opponents could
write some piece of a firewall that, in their view, cannot be done efficiently
with IPFW. I apparently don't fully understand the excerpt above.
Martin
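As an added example (not code from this thread or from the quoted HOWTO): the two rule orderings the quoted paragraph contrasts, written as a dry-run rc.firewall style fragment, plus a small check that every keep-state rule is numbered after the divert natd rule. The interface names and the LAN prefix are assumed values for illustration.

```shell
#!/bin/sh
# Added example: classic vs. stateful ipfw rule ordering around divert natd.
oif="fxp0"             # public (Internet) interface, assumed
iif="fxp1"             # private LAN interface, assumed
lan="192.168.1.0/24"   # LAN prefix, assumed
# Default to a dry run that only prints the commands; set FWCMD=ipfw to load.
fwcmd="${FWCMD:-echo ipfw}"

# Classic rc.firewall ordering: LAN traffic is allowed before the divert
# rule, so it is never seen by natd or the dynamic table on the way in.
classic_rules() {
    $fwcmd add 100 allow ip from any to any via lo0
    $fwcmd add 200 allow ip from $lan to any via $iif
    $fwcmd add 300 divert natd ip from any to any via $oif
    $fwcmd add 400 allow tcp from any to any established
    $fwcmd add 500 allow tcp from $lan to any setup
    $fwcmd add 65000 deny log ip from any to any
}

# Stateful ordering from the quoted paragraph: divert first, then keep-state
# rules, so the dynamic table learns each flow on both interfaces (the
# doubled entries the HOWTO calls a resource waste, accepted here in
# exchange for stateful filtering).
stateful_rules() {
    $fwcmd add 100 allow ip from any to any via lo0
    $fwcmd add 200 divert natd ip from any to any via $oif
    $fwcmd add 300 check-state
    $fwcmd add 400 allow tcp from $lan to any setup keep-state in via $iif
    $fwcmd add 500 allow tcp from any to any setup keep-state out via $oif
    $fwcmd add 600 allow udp from $lan to any keep-state in via $iif
    $fwcmd add 65000 deny log ip from any to any
}

# Ordering check for a dry-run rule generator passed by name: every
# keep-state rule must carry a higher number than the divert natd rule.
# Prints "ok" (exit 0) or "bad" (exit 1).
check_order() {
    "$1" | awk '
        /divert natd/ { div = $3 }
        /keep-state/  { if (div == "" || $3 + 0 <= div + 0) bad = 1 }
        END { if (bad) { print "bad"; exit 1 } print "ok" }'
}
```

Run with `FWCMD=ipfw` on a FreeBSD host to load one of the sets for real; the default only prints the commands so the ordering can be reviewed first.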