From owner-freebsd-security Wed Oct 13 5:49: 7 1999
Delivered-To: freebsd-security@freebsd.org
Received: from barracuda.aquarium.rtci.com (barracuda.aquarium.rtci.com [208.11.247.5])
    by hub.freebsd.org (Postfix) with ESMTP id 262FD14D0A;
    Wed, 13 Oct 1999 05:48:55 -0700 (PDT)
    (envelope-from tstromberg@rtci.com)
Received: from rtci.com (saoshyant@asho.zarathushtra.org [208.11.244.6])
    by barracuda.aquarium.rtci.com (8.9.3/8.9.3) with ESMTP id IAA19390;
    Wed, 13 Oct 1999 08:50:00 -0400 (EDT)
Message-ID: <38047FB1.D7B282AD@rtci.com>
Date: Wed, 13 Oct 1999 08:48:49 -0400
From: Thomas Stromberg
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 4.0-CURRENT i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-current@freebsd.org, freebsd-security@freebsd.org, peter@freebsd.org
Subject: ipfilter no longer in -CURRENT, whats the direction? (off to ipfw?)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/ipnat/Attic/Makefile
------------------------------------------------------------------------
1.2 Sun Oct 10 15:08:35 1999 UTC by peter
CVS Tags: HEAD
Diffs to 1.1
FILE REMOVED

Nuke the old antique copy of ipfilter from the tree. This is old enough
to be dangerous. It will better serve us as a port building a KLD, ala SKIP.
------------------------------------------------------------------------

Although a heads up in -CURRENT or -security about this would have been
nice, ye old ipfilter is gone. I definitely cannot disagree with the fact
that it is an antique copy, and it's a shame that no one seems to be taking
care of it in the tree.

At least in the past, ipfilter was for many a much better option than ipfw.
Has ipfw improved to the point where it functions better as a company
firewall than ipfilter?
(Okay, so the group & user firewalling is neat, but not really applicable
for a corporate border firewall)

ipfilter's website:
http://coombs.anu.edu.au/~avalon/ip-filter.html

For why I feel ipfilter is better than ipfw (this post was written back in
December '98, ipfw may have changed greatly since):

http://www.freebsd.org/cgi/getmsg.cgi?fetch=117538+122112+/usr/local/www/db/text/1998/freebsd-current/19981227.freebsd-current
(the big 'wanton atticizing discussion')

A summary of it being:

- Multiplatform. Runs on IRIX, Solaris, Linux. Comes shipped with FreeBSD,
  OpenBSD, and NetBSD. Keeps us in sync with the other BSD's.
- Better logging than ipfw (has ipfw improved? That's why I switched to
  ipfilter in the first place)

It's a shame that no one seems to want to maintain ipfilter in our tree. As
far as a 'port building kld', I think this may not be the 'smartest' way,
seeing as anyone who is running a serious firewall would disable kld's
immediately anyhow.

So my question is, what's the direction we're taking here?

--
=======================================================================
Thomas Stromberg, Assistant IS Manager / Systems Guru
smtp://tstromberg@rtci.com
Research Triangle Commerce, Inc.
pots://919.380.9771 x3210
=======================================================================