Date:      Wed, 13 Oct 1999 08:48:49 -0400
From:      Thomas Stromberg <tstromberg@rtci.com>
To:        freebsd-current@freebsd.org, freebsd-security@freebsd.org, peter@freebsd.org
Subject:   ipfilter no longer in -CURRENT, whats the direction? (off to ipfw?)
Message-ID:  <38047FB1.D7B282AD@rtci.com>

http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/ipnat/Attic/Makefile
------------------------------------------------------------------------
1.2 Sun Oct 10 15:08:35 1999 UTC by peter 
CVS Tags: HEAD
Diffs to 1.1 
FILE REMOVED 

Nuke the old antique copy of ipfilter from the tree.  This is old enough
to be dangerous.  It will better serve us as a port building a KLD,
ala SKIP.
------------------------------------------------------------------------

Although a heads up in -CURRENT or -security about this would have been
nice, ye old ipfilter is gone. I definitely cannot disagree with the
fact that it is an antique copy, and it's a shame that no one seems to
be taking care of it in the tree. At least in the past, ipfilter was for
many a much better option than ipfw. Has ipfw improved to the point
where it functions better as a company firewall than ipfilter? (Okay, so
the group & user firewalling is neat, but not really applicable for a
corporate border firewall)

ipfilter's website: http://coombs.anu.edu.au/~avalon/ip-filter.html

For why I feel ipfilter is better than ipfw (this post was written back
in December '98, ipfw may have changed greatly since):

http://www.freebsd.org/cgi/getmsg.cgi?fetch=117538+122112+/usr/local/www/db/text/1998/freebsd-current/19981227.freebsd-current   
(the big 'wanton atticizing discussion')

A summary of it being:

- Multiplatform. Runs on IRIX, Solaris, Linux. Comes shipped with
FreeBSD, OpenBSD, and NetBSD. Keeps us in sync with the other BSDs.
- Better logging than ipfw (has ipfw improved? That's why I switched to
ipfilter in the first place)

It's a shame that no one seems to want to maintain ipfilter in our tree.
As far as a 'port building kld', I think this may not be the 'smartest'
way, seeing as anyone who is running a serious firewall would disable
klds immediately anyhow.

So my question is, what's the direction we're taking here?

-- 
=======================================================================
Thomas Stromberg,                   Assistant IS Manager / Systems Guru
smtp://tstromberg@rtci.com             Research Triangle Commerce, Inc.
                                              pots://919.380.9771 x3210
=======================================================================

