hi,

in the midst of a recent revisit of my ipfw + ipfw on OSX config, i found myself in the middle of a 'warm' thread that suggests that ipfw + natd _prevents_ stateful operation:

<http://lists.freebsd.org/pipermail/freebsd-ipfw/2004-June/001149.html>

although it seems there are some differences of opinion on the matter (involving the author of ipfw2), if true it DOES imply that OSX has NO kernel-based (or other?) solution for a stateful firewall when used with NAT redirection/diverting (of course, a NOT uncommon configuration for LANs).

As, per your earlier email, Apple is "looking at" ipfw2, I *do* hope that that will be taken into consideration ...

if ipfw2 ends up NOT being replaced, or complemented, by a firewall that DOESN'T seem to have this issue (pf, ipfilters, etc), in an upcoming Darwin kernel, perhaps someone from the Darwin team can follow the discussion and (better) work with the ipfw2 author to ensure that we (Darwin / OSX users) end up with a stateful firewall when using NATd as an option.

thanks,
richard

Date: Tue, 06 Apr 2004 15:28:58 -0700
From: OpenMacNews <darwin-kernel.20.openmacnews@spamgourmet.com>
To: darwin-kernel Dev <darwin-kernel@lists.apple.com>
Subject: Re: any info on next-gen firewall (ipfw2)?

great to hear! it'll make gateway migration to OSX from *BSD (e.g.) a bit less painful ...

can you comment re: whether as built-in the kernel, or as an extension? the former (maybe?) probably has some performance advantages, but the latter could allow for the inclusion/addition of "pf" as well. i've read strong arguments on the lists for both pkgs ...

thx,
richard

We are aware that the firewall is falling behind. We are looking at ipfw2.

-josh

On Apr 5, 2004, at 8:43 AM, OpenMacNews wrote:

hi,

can anyone provide any insight as to if/when Darwin will update its currently integrated firewall, ipfw, to a 'current' version/product --- say ipfw2, pf, etc.? or, is there an existing non-kernel port of any of them? FreeBSD has available both kernel builds and ports, but i've found nothing for OSX ...

thanks,
richard