Date: Tue, 15 Mar 2005 20:39:16 +0100 (CET)
From: Andreas Davour
To: Lowell Gilbert
cc: freebsd-questions@freebsd.org
Subject: Re: IPFW or pf?

On Tue, 15 Mar 2005, Lowell Gilbert wrote:

> Andreas Davour writes:
>
>> I have read the handbook about firewalls, and compiled my kernel
>> without switching on any explicit support for pf.
>>
>> Now, when I ran the mergemaster it suddenly found a lot of references
>> to pf in my startup scripts.
>
> The startup scripts support pf, but do not require it.

OK, that's a relief. I didn't do anything stupid.

>> Is pf some kind of mandatory part of the base system these days? I
>> thought it was some kind of alternative to IPFW, but now I'm no longer
>> so sure.
>
> It is a part of the base system. It is always present just like ipfw,
> but its use is not required.

So, the base system ships with two firewalls? Why?

Reading about firewalls in the handbook, I realized I didn't know much about them. I'd say that adding some more text to the handbook about those two and how they [don't] interact might be a good idea. I don't know enough to do it.

>> Can someone tell me if it's ok to just use IPFW on my STABLE system,
>> or is there some other knobs in the kernelconfig I should toggle to
>> turn off pf support?
>
> You are fine the way you are. I recommend letting mergemaster update
> the default pf startup files, so that it won't ask about them next
> time, but it doesn't really matter if you're not using pf.

Will do. Thanks for the help!

/Andreas

--
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?