Date: Sun, 9 Jul 1995 19:11:02 -0700 (PDT) From: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com> To: nlawson@statler.csc.calpoly.edu (Nathan Lawson) Cc: jhs@vector.eikon.e-technik.tu-muenchen.de, security@freebsd.org Subject: Re: Byet April 95 no ref to screennd Message-ID: <199507100211.TAA09881@gndrsh.aac.dev.com> In-Reply-To: <199507092316.QAA02069@statler.csc.calpoly.edu> from "Nathan Lawson" at Jul 9, 95 04:16:10 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > > FYI > > In Byte Mag. April 95 P.96 Col 2 Para 2: > > "A version of DECs screennd kernel screening software is avail. > > for BSD386, NetBSD, & BSDI" > > No mention of FreeBSD tho' > > Author was 5051339@mcimail.com John Bryan > > IPFW works great and is equivalent in packet filtering to screend, I assume. > It's included with FreeBSD Given code review of both I would trust my security to screend over ip_fw any day. Remeber, security code needs to be simple, clean and very clear, something that ip_fw misses on all 3 points :-(. It may work, but it is very hard to verify from a security stand point due to the above 3 things. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Reliable computers for FreeBSD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199507100211.TAA09881>