Also, it's worth mentioning that the only rules that ipf has to worry about are the ones for this process. General security rules are to be enforced at the border (again, not my call).
At 09:47 PM 12/11/2002 +0000, David Pick wrote:
<snip>
There are alternative approaches. You don't say which OS you're using; I've been using FreeBSD with IPF state tables, but I built my kernel(s) with both IPF and the FreeBSD IPFW options. Most of my rules use IPF and the state tables quite happily; but I can easily insert blocking rules into the IPFW tables to block traffic that is passed by IPF state entries. The significant fact is that in this sort of kernel the IP packets have to pass *both* filter packages successfully; either of them can block independently of the other.

-- David Pick
