Re: NetBSD ipfilter stateful??

From: Christian Jean (christian@celestix.com)
Date: 07/25/01

• Previous message: Obert, Jack E.: "RE: Win32.Sircam.Worm Alert....."
• In reply to: Pacifier: "NetBSD ipfilter stateful??"
• Next in thread: Joe Shaw: "Re: NetBSD ipfilter stateful??"
• Reply: Joe Shaw: "Re: NetBSD ipfilter stateful??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 25 Jul 2001 10:59:16 +0800
From: Christian Jean <christian@celestix.com>
To: Pacifier <evablunted@freemail.absa.co.za>
Subject: Re: NetBSD ipfilter stateful??
Message-Id: <20010725105916.3ef384ff.christian@celestix.com>

On Thu, 19 Jul 2001 23:58:59 +0200
Pacifier <evablunted@freemail.absa.co.za> wrote:

> Greetz.
>
> I am planning to implement a firewall solution using netbsd's ipfilter.
> What I need to know from the group is what if ipfilter is stateful or not.
>
> For instance, with ipchains, if I am creating a firewall rule for accessing
> a web server, I have to define a rule for the back connection as well.
>
> With ipfilter, do I need to create a rule for the back connection as well,
> or is that handled automatically by inspecting the state table like
> firewall-1
>
> Any input will be more that appreciated.
>
> Thanks
>
> Pacifier
> Network Admin
> CISSP wannbe
>
>

Also don't forget to check IPFilter license because there was some problem with it
a couple of months ago, especially if you intend to modify the code of IPFilter.

-- 
Christian Jean
+-------------------------------+-----------------------------+
|R&D Engineer                   |Tel : (65) 844 1301          |
|celestix Networks Pte Ltd      |Fax : (65) 844 1125          |
|18 Tannery Lane #05-03         |mail: christian@celestix.com |
|Lian Tong Building             |web : http://www.celestix.com|
|Singapore 347780               |                             |
+-------------------------------+-----------------------------+

---

• Previous message: Obert, Jack E.: "RE: Win32.Sircam.Worm Alert....."
• In reply to: Pacifier: "NetBSD ipfilter stateful??"
• Next in thread: Joe Shaw: "Re: NetBSD ipfilter stateful??"
• Reply: Joe Shaw: "Re: NetBSD ipfilter stateful??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: The way forward....... ... > While ipfw may not be a true stateful firewall, one can still add in the ... > how secure would it be against a firewall based on the ipfilter way? ... (FreeBSD-Security) Re: The way forward....... ... > While ipfw may not be a true stateful firewall, one can still add in the ... > how secure would it be against a firewall based on the ipfilter way? ... (FreeBSD-Security) RE: NetBSD ipfilter stateful?? ... Subject: NetBSD ipfilter stateful?? ... To keep things short, yes IPFilter is stateful. ... The IPF code in NetBSD is ... (Security-Basics) NetBSD ipfilter stateful?? ... I am planning to implement a firewall solution using netbsd's ipfilter. ... What I need to know from the group is what if ipfilter is stateful or not. ... With ipfilter, do I need to create a rule for the back connection as well, ... (Security-Basics) Re: LoadBalancer With FreeBSD ... > You can do Round Robin with Ipfilter. ... > They are just proxy. ... pen work very well. ... > Number of connection is not a big problem with good sysctl value and ... (freebsd-isp)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)