From owner-freebsd-security Sun Jul 9 19:11:03 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id TAA21891 for security-outgoing; Sun, 9 Jul 1995 19:11:03 -0700
Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id TAA21885 for ; Sun, 9 Jul 1995 19:11:00 -0700
Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id TAA09881; Sun, 9 Jul 1995 19:11:02 -0700
From: "Rodney W. Grimes"
Message-Id: <199507100211.TAA09881@gndrsh.aac.dev.com>
Subject: Re: Byet April 95 no ref to screennd
To: nlawson@statler.csc.calpoly.edu (Nathan Lawson)
Date: Sun, 9 Jul 1995 19:11:02 -0700 (PDT)
Cc: jhs@vector.eikon.e-technik.tu-muenchen.de, security@freebsd.org
In-Reply-To: <199507092316.QAA02069@statler.csc.calpoly.edu> from "Nathan Lawson" at Jul 9, 95 04:16:10 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 799
Sender: security-owner@freebsd.org
Precedence: bulk

>
> > FYI
> > In Byte Mag. April 95 P.96 Col 2 Para 2:
> > "A version of DECs screennd kernel screening software is avail.
> > for BSD386, NetBSD, & BSDI"
> > No mention of FreeBSD tho'
> > Author was 5051339@mcimail.com John Bryan
>
> IPFW works great and is equivalent in packet filtering to screend, I assume.
> It's included with FreeBSD

Given code review of both I would trust my security to screend over
ip_fw any day. Remember, security code needs to be simple, clean
and very clear, something that ip_fw misses on all 3 points :-(.

It may work, but it is very hard to verify from a security standpoint
due to the above 3 things.

--
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation Company                 Reliable computers for FreeBSD