Date: Mon, 17 Jun 2002 14:47:20 -0400
From: parv
To: Ceri Davies
Cc: Darren Pilgrim, freebsd-questions@freebsd.org
Subject: Re: "Login for services" ipf/ipfw rule creation?
Message-ID: <20020617184720.GB4290@moo.holy.cow>
References: <3D0DB0DC.2A7F8E1E@pantherdragon.org> <20020617100400.GB6360@submonkey.net>
In-Reply-To: <20020617100400.GB6360@submonkey.net>

in message <20020617100400.GB6360@submonkey.net>,
wrote Ceri Davies thusly...
>
> On Mon, Jun 17, 2002 at 02:50:20AM -0700, Darren Pilgrim wrote:
> > ...
> > I know ipfw doesn't have the ability to flush the static and
> > dynamic rules separately, but that ipf does. Can I use both
> > ipfw and ipf simultaneously, or is it an either/or deal?
>
> I'm pretty sure it's either/or.

i remember from some freebsd mailing list, not incorrectly, that at
least one person was using both ipfw & ipf actively w/o problems (or
problems had been worked around or resolved).

personally, i can testify, based on little experience, that both
ipfw & ipf can be used simultaneously.

you see i had both ipfw & ipf compiled in the kernel...

  options IPFIREWALL
  #options IPFIREWALL_DEFAULT_TO_ACCEPT
  options IPFILTER
  options IPFILTER_DEFAULT_BLOCK

...but i had rules only for ipf and not for ipfw. w/o the
IPFIREWALL_DEFAULT_TO_ACCEPT option, nothing was going out ... until
i realized the fact. so i enabled that option and everything is
going in & out just fine.

big idea is to leisurely experiment running both firewalls
simultaneously, and as a side effect learn ipfw too.

  - parv
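
Added example, not part of the original message and not FreeBSD project code: a small audit that reads a kernel config and reports what each compiled-in filter does with an empty ruleset, which is the situation described above. The names audit_kernconf, config_before and config_after are hypothetical, and the two sample configs are constructed from the options quoted in the message.

```shell
#!/bin/sh
# Added example: report the default policy of ipfw and ipf from a FreeBSD
# kernel config read on stdin. Function names here are hypothetical.

audit_kernconf() {
    awk '
        { sub(/#.*/, "") }              # drop comments: "#options FOO" is disabled
        $1 == "options" { split($2, kv, "="); opt[kv[1]] = 1 }
        END {
            ipfw = "absent"; ipf = "absent"
            if ("IPFIREWALL" in opt)
                ipfw = ("IPFIREWALL_DEFAULT_TO_ACCEPT" in opt) ? "accept" : "deny"
            if ("IPFILTER" in opt)
                ipf = ("IPFILTER_DEFAULT_BLOCK" in opt) ? "block" : "pass"
            # A packet has to get past every filter in the kernel, so an ipfw
            # with no rules and a deny default drops traffic whatever ipf allows.
            verdict = (ipfw == "deny") ? "needs-ipfw-rules" : "ipfw-not-blocking"
            printf "ipfw=%s ipf=%s verdict=%s\n", ipfw, ipf, verdict
        }'
}

# Constructed sample: the options as first described in the message.
config_before() {
    cat <<'EOF'
options IPFIREWALL
#options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFILTER
options IPFILTER_DEFAULT_BLOCK
EOF
}

# Constructed sample: the same config with the accept default enabled.
config_after() {
    cat <<'EOF'
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFILTER
options IPFILTER_DEFAULT_BLOCK
EOF
}

config_before | audit_kernconf
config_after | audit_kernconf
```

With the accept default enabled, ipfw passes everything it has no rule for, so ipf with its block default becomes the only filter making decisions.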