From owner-freebsd-current Mon Nov 15 11: 0: 9 1999 Delivered-To: freebsd-current@freebsd.org Received: from super-g.com (super-g.com [207.240.140.161]) by hub.freebsd.org (Postfix) with ESMTP id CFD1B14D21; Mon, 15 Nov 1999 10:59:56 -0800 (PST) (envelope-from spork@super-g.com) Received: by super-g.com (Postfix, from userid 1000) id 64FA4BA67; Mon, 15 Nov 1999 13:59:55 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by super-g.com (Postfix) with SMTP id 4A5B0BA66; Mon, 15 Nov 1999 13:59:55 -0500 (EST) Date: Mon, 15 Nov 1999 13:59:55 -0500 (EST) From: spork To: Darren Reed Cc: Thomas Stromberg , freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, peter@FreeBSD.ORG Subject: Re: ipfilter no longer in -CURRENT, whats the direction? (off to ipfw?) In-Reply-To: <199910131302.XAA05892@cheops.anu.edu.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I noticed that ipfilter is still gone... Was there any resolution here, or is ipfilter gone for good? All other concerns/features aside, I find the stateful inspection stuff much easier to setup than the ipfw filtering... I only touch my firewall once in a blue moon, and just about everything except for streaming quicktime "just works". It would be a shame to see such a useful piece of software go away. My $0.02, Charles On Wed, 13 Oct 1999, Darren Reed wrote: > Well, if someone had of answered my question (to cvs-committers) > about getting an account fixed up on freefall(?) so I could use > cvs again, it might not have been forgotten about for quite so > long. Maybe I sent the question to the "wrong place", but I > received no answer to even indicate that! hmpf! > > On a conspirital note, I think there are numerous ipfw advocates > within freebsd who hate that ipfilter is better >;-) Both NetBSD and > OpenBSD ship with it, and if you're serious about security, maybe > you should be using OpenBSD anyway, rather than FreeBSD. > > Darren > > In some mail from Thomas Stromberg, sie said: > > > > http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/ipnat/Attic/Makefile > > ------------------------------------------------------------------------ > > 1.2 Sun Oct 10 15:08:35 1999 UTC by peter > > CVS Tags: HEAD > > Diffs to 1.1 > > FILE REMOVED > > > > Nuke the old antique copy of ipfilter from the tree. This is old enough > > to be dangerous. It will better serve us as a port building a KLD, > > ala SKIP. > > ------------------------------------------------------------------------ > > > > Although a heads up in -CURRENT or -security about this would of been > > nice, ye old ipfilter is gone. I definitely cannot disagree with the > > fact that it is an antique copy, and it's a shame that no one seems to > > be taking care of it in the tree. At least in the past, ipfilter was for > > many a much better option then ipfw. Has ipfw improved to the point > > where it functions better as a company firewall then ipfilter? (Okay, so > > the group & user firewalling is neat, but not really applicable for a > > corporate border firewall) > > > > ipfilters website: http://coombs.anu.edu.au/~avalon/ip-filter.html > > > > For why I feel ipfilter is better then ipfw (this post was written back > > in December '98, ipfw may have changed greatly since): > > > > http://www.freebsd.org/cgi/getmsg.cgi?fetch=117538+122112+/usr/local/www/db/text/1998/freebsd-current/19981227.freebsd-current > > (the big 'wanton atticizing discussion') > > > > A summary of it being: > > > > - Multiplatform. Runs on IRIX, Solaris, Linux. Comes shipped with > > FreeBSD, OpenBSD, and NetBSD. Keeps us in sync with the other BSD's. > > - Better logging then ipfw (has ipfw improved? Thats why I switched to > > ipfilter in the first place) > > > > It's a shame that no one seems to want to maintain ipfilter in our tree. > > As far as a 'port building kld', I think this may not be the 'smartest' > > way, seeing as anyone who is running a serious firewall would disable > > kld's immediately anyhow. > > > > So my question is, what's the direction we're taking here? > > > > -- > > ======================================================================= > > Thomas Stromberg, Assistant IS Manager / Systems Guru > > smtp://tstromberg@rtci.com Research Triangle Commerce, Inc. > > pots://919.380.9771 x3210 > > ======================================================================= > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message