Re:[m0n0wall] Monowall , Firewall Full-State ??

From:	edward mzj <edward underscore mzj at yahoo dot com dot cn>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re:[m0n0wall] Monowall , Firewall Full-State ??
Date:	Mon, 30 May 2005 22:17:01 +0800 (CST)

ipf supports h323 proxying, but the rules generated by m0n0 do not include that support, only ftp
proxying is added
    test# grep -in proxy filter.inc   
    124:map $if $src $dst -> {$tgt} proxy port ftp ftp/tcp

ipf also supports some other nat-friendly protocols. u could add those support by yourself, if you
do need them.
    test# ls /usr/src/sys/contrib/ipfilter/netinet/*pxy*
    ip_ftp_pxy.c            ip_ipsec_pxy.c          ip_raudio_pxy.c
    ip_h323_pxy.c           ip_netbios_pxy.c        ip_rcmd_pxy.c


 
--- Nans Delrieu <delrieu dot nans at laposte dot net> wrote:

> Hello
> I would like to know if monowall has a firewall full-state
> For example, is it possible to use protocol like H323 ?? the port used 
> are dynamic and is the FW is able to support this ?
> thanks
> Nans
> 



	

	
		
___________________________________________________________
»¶Ó×¢²áÑÅ»¢³¬´óÈÝÁ¿Ãâ·ÑÓÊÏä 
http://cn.mail.yahoo.com