• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Darwin's ipfw (& ipfw2?) NOT stateful when used with NATd ?!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Darwin's ipfw (& ipfw2?) NOT stateful when used with NATd ?!

  • Subject: Darwin's ipfw (& ipfw2?) NOT stateful when used with NATd ?!
  • From: OpenMacNews <email@hidden>
  • Date: Wed, 02 Jun 2004 21:38:26 -0700
hi,

in the midst of a recent revisit of my ipfw + ipfw on OSX config, i found myself in the middle of a 'warm' thread that suggests that ipfw + natd _prevents_ stateful operation:

<http://lists.freebsd.org/pipermail/freebsd-ipfw/2004-June/001149.html>

although it seems there are some differences of opinion on the matter (involving the author of ipfw2), if true it DOES imply that OSX has NO kernel-based (or other?) solution for a stateful firewall when used with NAT redirection/diverting ( of course, a NOT uncommon configuration for LANs )

As, per your earlier email, Apple is "looking at" ipfw2, I *do* hope that that will be taken into consideration ...

if ipfw2 ends up NOT being replaced, or complemented, by a firewall that DOESN'T seem to have this issue (pf, ipfilters, etc), in an upcoming Daring kernel, perhaps someone from the Darwin team can follow the discussion and (better) work with the ipfw2 author to ensure that we (Darwin / OSX users) end up with stateful firewall when using NATd as an option.

thanks,

richard

Date: Tue, 06 Apr 2004 15:28:58 -0700
From: OpenMacNews <email@hidden>
To: darwin-kernel Dev <email@hidden>
Subject: Re: any info on next-gen firewall (ipfw2)?

great to hear! it'll make gateway migration to OSX from *BSD (e.g.) a bit less painful ...

can you comment re: whether as built-in the kernel, or as an extension?

the former (maybe?) probably has some performance advantages, but the latter could allow for the inclusion/addition of
"pf" as well.

i've read strong arguments on the lists for both pkgs ...

thx,

richard

We are aware that the firewall is falling behind. We are looking at
ipfw2.

-josh

On Apr 5, 2004, at 8:43 AM, OpenMacNews wrote:

hi,

can anyone provide any insight as to if/when Darwin will update its
currently integrated firewall, ipfw, to a 'current' version/product
--- say ipfw2, pf, etc.?

or, is there an existing non-kernel port of any of them? FreeBSD has
available both kernel builds and ports, but i've found nothing for OSX
...

thanks,

richard
_______________________________________________
darwin-kernel mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-kernel
Do not post admin requests to the list. They will be ignored.

  • Prev by Date: Re: SMP Safe Drivers on Mac OS X
  • Next by Date: Kernel thread and signal
  • Previous by thread: Re: Building a cross-gdb with host=i686-pc-linux-gnu and target=powerpc-apple-darwin
  • Next by thread: Kernel thread and signal
  • Index(es):
    • Date
    • Thread