[ previous ] [ next ] [ threads ]
 From:  edward mzj <edward underscore mzj at yahoo dot com dot cn>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re:[m0n0wall] Monowall , Firewall Full-State ??
 Date:  Mon, 30 May 2005 22:17:01 +0800 (CST)
ipf supports h323 proxying, but the rules generated by m0n0 do not include that support, only ftp
proxying is added
    test# grep -in proxy filter.inc   
    124:map $if $src $dst -> {$tgt} proxy port ftp ftp/tcp

ipf also supports some other nat-friendly protocols. u could add those support by yourself, if you
do need them.
    test# ls /usr/src/sys/contrib/ipfilter/netinet/*pxy*
    ip_ftp_pxy.c            ip_ipsec_pxy.c          ip_raudio_pxy.c
    ip_h323_pxy.c           ip_netbios_pxy.c        ip_rcmd_pxy.c

--- Nans Delrieu <delrieu dot nans at laposte dot net> wrote:

> Hello
> I would like to know if monowall has a firewall full-state
> For example, is it possible to use protocol like H323 ?? the port used 
> are dynamic and is the FW is able to support this ?
> thanks
> Nans