Date: Wed, 25 Oct 2006 16:22:01 +0300 From: Cristian KLEIN <cristi@net.utcluj.ro> To: Max Laier <max@love2party.net> Cc: freebsd-doc@freebsd.org Subject: Re: Multiple firewalls Message-ID: <453F64F9.6090709@net.utcluj.ro> In-Reply-To: <200610251343.06622.max@love2party.net> References: <453E9FC7.4000307@net.utcluj.ro> <200610251343.06622.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Max Laier wrote: > On Wednesday 25 October 2006 01:20, Cristian KLEIN wrote: >> Hi everybody, >> >> Please review the following article: >> http://cristiklein.c7obs.net/public/doc/en_US.ISO8859-1/books/handbook/ >> firewalls-multi.html > > "Note: At the time of this writing, using IPFW and PF is not recommended." > > Where do you get such information? I know of several successful > installations doing things like divert for L7 filtering in ipfw > and "normal" firewalling in pf. Also note, that in order to use ipfw's > ALTQ pf (eventhough one w/o a filtering ruleset) is required. PF NAT did not work on a computer on which IPFW and PF were build into the kernel. IPFW was not even enabled, but for some reason, packets did not get translated. I admit that more research should be done in this direction. > >> Here is the patch against the newest cvs-doc: >> http://cristiklein.c7obs.net/public/doc/firewalls-multi.diff > -- +-------------------------------------+ | Cristian KLEIN | | Network Engineer | | Communication Center | | Technical University of Cluj-Napoca | +-------------------------------------+ | Tel: +40-264-401247, int. 247 | | WWW: http://www.cc.utcluj.ro | +-------------------------------------+
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?453F64F9.6090709>