From: Erik Trulsson
To: Emmanuel Gravel
Cc: freebsd-questions@freebsd.org
Subject: Re: What exactly is ipfilter?
Date: Fri, 05 Dec 2003 06:34:43 -0000
Message-ID: <20031205063439.GA39944@falcon.midgard.homeip.net>

On Thu, Dec 04, 2003 at 10:38:16PM -0700, Emmanuel Gravel wrote:
> I'm looking through rc.conf and the kernel config file for FreeBSD 4.9
> (recently downloaded it, my last upgrade was 4.5 so I was way behind,
> and this is a new install because my old firewall died). I'm used to
> using ipfw and natd for my firewall, but now I'm seeing ipfilter, ipnat
> and ipmon. I've done a google search on all of www.freebsd.org for
> ipfilter, but it only seems to show up in release notes, and the online
> handbook doesn't really talk about it. Since I haven't recompiled my new
> kernel, should I consider this instead of ipfw and natd? What's the
> difference, exactly?

ipfilter is just another firewall implementation, which you can use
instead of ipfw/natd if you wish.
The difference is mainly that it is different. The configuration and
implementation is completely different, but the functionality is more or
less the same.

Use whichever one of ipfw/ipfilter that you wish, but if you already are
familiar with ipfw/natd you might as well stick with it, unless you have
some specific reason to switch.

Since ipfilter isn't FreeBSD specific, you should probably not confine
your web-searches for information on it to freebsd.org.

>
> On a related note, I'm not sure what the usefulness of IPDIVERT is
> either, so I don't know if I should compile it in the kernel or not.

It is needed for natd to work, so if you are using natd you need
IPDIVERT in your kernel.

--
Erik Trulsson
ertr1013@student.uu.se