From owner-freebsd-security  Thu Jan  2 06:14:05 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id GAA05466
          for security-outgoing; Thu, 2 Jan 1997 06:14:05 -0800 (PST)
Received: from darling.cs.umd.edu (10862@darling.cs.umd.edu [128.8.128.115])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id GAA05461
          for <security@freebsd.org>; Thu, 2 Jan 1997 06:14:01 -0800 (PST)
From: rohit@cs.umd.edu
Received: by darling.cs.umd.edu (8.8.4/UMIACS-0.9/04-05-88)
	id JAA09309; Thu, 2 Jan 1997 09:13:59 -0500 (EST)
Date: Thu, 2 Jan 1997 09:13:59 -0500 (EST)
Message-Id: <199701021413.JAA09309@darling.cs.umd.edu>
To: security@freebsd.org
Subject: Which Firewall : ipfw or ipfilter?
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


Hi,

I need to set up a firewall on a FreeBSD 2.2 BETA machine
and was trying to decide between ipfw and ipfilter.

Various messages in the 'archive' around August 14 suggest
that ipfw is 'klunky' and badly documented. Is that still 
the case? The man page is dated July 20, 1996. Does it still
apply to ipfw on the 2.2 branch.

On the other hand the ipfilter page suggests that ipfilter goes 
up only to 2.1.5 currently. Is a version for 2.2 coming anytime 
soon?

Is one of ipfw and ipfilter accepted to be 'the' FreeBSD firewall
today?

Any help would be appreciated.

Thanks

--rohit.



From owner-freebsd-security  Thu Jan  2 14:10:23 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id OAA07274
          for security-outgoing; Thu, 2 Jan 1997 14:10:23 -0800 (PST)
Received: from vdp01.vailsystems.com (vdp01.vailsystems.com [207.152.98.18])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id OAA07267
          for <security@freebsd.org>; Thu, 2 Jan 1997 14:10:20 -0800 (PST)
Received: from crocodile.vale.com (crocodile [204.117.217.147]) by vdp01.vailsystems.com (8.8.3/8.7.3) with ESMTP id QAA27103; Thu, 2 Jan 1997 16:09:01 -0600 (CST)
Received: from jaguar (jaguar.vale.com [204.117.217.146]) by crocodile.vale.com (8.8.3/8.7.3) with SMTP id MAA03489; Thu, 2 Jan 1997 12:34:46 -0600 (CST)
Message-ID: <32CBFFC6.6A14@vailsys.com>
Date: Thu, 02 Jan 1997 12:34:46 -0600
From: Hal Snyder <hal@vailsys.com>
Reply-To: hal@vailsys.com
Organization: Vail Systems, Inc.
X-Mailer: Mozilla 3.0 (WinNT; I)
MIME-Version: 1.0
To: rohit@cs.umd.edu
CC: security@freebsd.org, nash@mcs.com
Subject: Re: Which Firewall : ipfw or ipfilter?
References: <199701021413.JAA09309@darling.cs.umd.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

rohit@cs.umd.edu wrote:

> Is one of ipfw and ipfilter accepted to be 'the' FreeBSD firewall
> today?

I don't have a definitive answer, but - ipfw has been part of FreeBSD
longer than ipfilter, and is maturing nicely.  It is actively
maintained, documentation is improving, and reports of its demise are
exagerated.  Be sure to look at /etc/rc.firewall in any recent release
for sample rule sets.

[I never got around to looking into ipfilter because ipfw has always
done what was needed.]

From owner-freebsd-security  Fri Jan  3 00:29:26 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id AAA07249
          for security-outgoing; Fri, 3 Jan 1997 00:29:26 -0800 (PST)
Received: from blackGIS.oes.samsung.co.kr ([203.241.159.160])
          by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id AAA07242
          for <security@freebsd.org>; Fri, 3 Jan 1997 00:29:18 -0800 (PST)
Received: from [110.2.31.100] 
	by blackGIS with ESMTP (DuhMail/2.0)
	id RAA28709; Fri, 3 Jan 1997 17:28:53 +0900
X-Authentication-Warning: blackGIS: Host [110.2.31.100] claimed to be yoondark.oes.samsung.co.kr
Message-ID: <32CCC4BC.DE0@rose.oes.samsung.co.kr>
Date: Fri, 03 Jan 1997 17:35:08 +0900
From: DuckSang Yoon <yoondark@rose.oes.samsung.co.kr>
Reply-To: yoondark@rose.oes.samsung.co.kr
Organization: Samsung Data Systems
X-Sender: DuckSang Yoon <yoondark@rose.oes.samsung.co.kr>
X-Mailer: Mozilla 4.0b1 (Win95; I)
MIME-Version: 1.0
To: security@freebsd.org
Subject: subscribe
X-Priority: Normal
Content-Type: multipart/alternative; boundary="----------4DA570F043E90"
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


------------4DA570F043E90
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii

<HTML><BODY>

<DT>subscribe</DT>

</BODY>
</HTML>
------------4DA570F043E90
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset=us-ascii

<HTML><BODY>

<DT>subscribe</DT>

</BODY>
</HTML>
------------4DA570F043E90--