Date: Wed, 25 Oct 2000 17:01:14 +0400 (MSD) From: Jaroshenko Serge <jaroshenko@mail.ru> To: James Wilde <james.wilde@telia.com> Cc: FreeBSD-questions@FreeBSD.ORG Subject: Re: IPFW vs IP-Filter Message-ID: <Pine.BSF.4.21.0010251652450.27693-100000@freebsd.merlin.ru> In-Reply-To: <000601c03e6f$c9c1b0e0$8208a8c0@iqunlimited.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 25 Oct 2000, James Wilde wrote:
> I've checked the handbook and other sources on IPFW and IP-Filter and I
> would appreciate some comments on the two.
>
> I assume that one uses either/or and not both. IPFW is compiled into the
> kernel but IP-Filter runs as an application.
ipfilter is compiled into kernel - see LINT :
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #print information about
# dropped packets
options IPFIREWALL_FORWARD #enable transparent proxy support
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT #divert sockets
options IPFILTER #ipfilter support
options IPFILTER_LOG #ipfilter logging
options IPSTEALTH #support for stealth forwarding
> I don't know if there is any
> advantage or disadvantage in this. I have always seen IP-Filter as being
> the richer in functionality with its statefulness and extra keywords, for
> example, the 'quick' keyword.
>
> My filter of choice therefore has hitherto been IP-Filter. Is there
> anything I am missing? What are the pros and cons of the two alternatives -
> and, in fact, any others that the panel would like to consider.
What packet filter install - your choice!
I use ipfilter-3.4.11 - in this version nat work correct for
M$ IExploder5 ftp protocol.
Sorry for bad english!
Best regards!
Serge.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010251652450.27693-100000>