stateful filtering

  1. Incnis Mrsi

    “Stateful” gotcha in pf(4)

    The NetBSD FAQ on pf states: Although it might be handy for firewalling proper, “passing without going through ruleset evaluation” is abysmally silly for routing. Yesterday Ī̲ found that my system of rules, based on the dual-homed-ipv6-via-freebsd-gateway-with-pf-4.82761, doesn’t work...
  2. B

    IPFW ipfw nat stateful redirect of a port

    Hello everyone! I have few network services running in jailed configuration on a server, and I use ipfw to protect the server against possible attacks, and to provide its local clients with access to internet. The goal I want to achieve is redirection of some ports of jailed services to the...
  3. A

    PF Dangling states problem

    Dangling states problem: pf consults its state table before the rule set (as it should). So even after adding a rule to block certain connections, the ones that have a corresponding entry in the state table will continue uninterrupted. AFAIK, pf does not have any built-in/native mechanism to...