From owner-freebsd-ipfw@FreeBSD.ORG Thu Jul 21 05:33:18 2005 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C69F16A41F for ; Thu, 21 Jul 2005 05:33:18 +0000 (GMT) (envelope-from roger@gwch.net) Received: from mail.gwch.net (80-219-201-207.dclient.hispeed.ch [80.219.201.207]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4914F43D4C for ; Thu, 21 Jul 2005 05:33:17 +0000 (GMT) (envelope-from roger@gwch.net) Received: from localhost (link [127.0.0.1]) by mail.gwch.net (Postfix) with ESMTP id D2051408D9; Thu, 21 Jul 2005 07:36:18 +0200 (CEST) Received: from mail.gwch.net ([127.0.0.1]) by localhost (mail.gwch.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 31482-02; Thu, 21 Jul 2005 07:36:14 +0200 (CEST) Received: from www.gwch.net (pluto.gwch.net [192.168.2.103]) by mail.gwch.net (Postfix) with ESMTP id EB57A4087C; Thu, 21 Jul 2005 07:36:13 +0200 (CEST) Received: from 62.2.21.164 (SquirrelMail authenticated user rogerg) by www.gwch.net with HTTP; Thu, 21 Jul 2005 07:33:10 +0200 (CEST) Message-ID: <32481.62.2.21.164.1121923990.squirrel@www.gwch.net> In-Reply-To: <20050720214706.GY39292@obiwan.tataz.chchile.org> References: <42267.62.2.21.164.1121863057.squirrel@www.gwch.net> <200507201533.53008.max@love2party.net> <1121880253.53529.5.camel@foxdaemon.com> <20050720214706.GY39292@obiwan.tataz.chchile.org> Date: Thu, 21 Jul 2005 07:33:10 +0200 (CEST) From: "Roger Grosswiler" To: "Jeremie Le Hen" User-Agent: SquirrelMail/1.4.4-2 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Virus-Scanned: amavisd-new at gwch.net Cc: freebsd-ipfw@freebsd.org Subject: Re: Most wanted packet filter X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jul 2005 05:33:18 -0000 > Hi Mark, > >> How difficult is it to switch from IPFW2 to PF or use the two in >> conjunction with one another and are there any good URL "how to" sites >> with that information? > > The syntax is really different, nothing common. But none is difficult. > > It is possible to use both, but this makes maintainability more complex, > IMO. IIRC the precedence of each firewall depends on the order which > they registered on PFIL_HOOKS. The trick to force certain order is to > compile the first one in the kernel and the second on as a module. > Please correct me if I'm wrong. > > Regards, > -- > Jeremie Le Hen > < jeremie at le-hen dot org >< ttz at chchile dot org > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > So, the most recommended seems to be pf for the moment. I thank you all very much for your input. Roger