From owner-freebsd-security Sat Jun 22 06:53:42 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id GAA01042 for security-outgoing; Sat, 22 Jun 1996 06:53:42 -0700 (PDT) Received: from post.io.org (post.io.org [198.133.36.6]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id GAA01037 for ; Sat, 22 Jun 1996 06:53:40 -0700 (PDT) Received: from zap.io.org (taob@zap.io.org [198.133.36.81]) by post.io.org (8.7.5/8.7.3) with SMTP id JAA24925 for ; Sat, 22 Jun 1996 09:50:50 -0400 (EDT) Date: Sat, 22 Jun 1996 09:51:50 -0400 (EDT) From: Brian Tao To: FREEBSD-SECURITY-L Subject: IPFW vs. IP Filter? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I'm setting up a FreeBSD-based firewall here, and my original plan was to go with IPFW in the kernel. However, it seems there isn't any recent documentation for it (both the man page and the handbook entry are out of date). IP Filter 3.0.4 (http://coombs.anu.edu.au/~avalon/) also looks very nice, and Andrew Stesin recently recommended it here. Should I disable IPFW in the kernel and put IP Filter in its place then, or can (should?) the two coexist? My main beef is that the IPFW documentation is rather lacking, and /usr/src/sbin/ipfw/ipfw.c isn't helpfully commented. Suggestions appreciated. Thanks. -- Brian Tao (BT300, taob@io.org, taob@ican.net) Systems and Network Administrator, Internet Canada Corp. "Though this be madness, yet there is method in't"