Date: Wed, 11 Dec 2002 16:19:37 +0200 From: Peter Pentchev <roam@ringlet.net> To: Rudy~Rockstar =?windows-1251?Q?=AE?= <rudyrockstar@hotmail.com> Cc: doc@FreeBSD.org Subject: Re: IPFILTER or IPFIREWALL? Message-ID: <20021211141937.GA42980@straylight.oblivion.bg> In-Reply-To: <F3zyfyz5b6KZmcK8r6b00014a77@hotmail.com> References: <F3zyfyz5b6KZmcK8r6b00014a77@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--NzB8fVQJ5HfG6fxh Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 11, 2002 at 08:42:07AM -0500, Rudy~Rockstar =AE wrote: > hey doc team, >=20 > I was just wondering if >=20 > options IPFILTER =3D=3D=3D options IPFIREWALL No, 'options IPFILTER' brings in support for IPFilter (see the ipf(4), ipf(8), ipf(5), ipnat(8), ipnat(5) manual pages) , and 'options IPFIREWALL' brings in support for the FreeBSD-specific ipfw(4) functionality (see the ipfw(4), ipfw(8), natd(8) manual pages). Those are different packet filtering engines with quite similar capabilities, and there are good things to be said for both. > As the man page for rc.conf(5) conflicts the handbook howto on natd(8) fo= r=20 > FBSD 4.7-RELEASE. >=20 > rc.conf(5) man pg-- > http://www.freebsd.org/cgi/man.cgi?query=3Drc.conf&apropos=3D0&sektion=3D= 0&manpath=3DFreeBSD+4.7-RELEASE&format=3Dhtml >=20 > natd(8) howto -- > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/natd.html How exactly do those conflict? The rc.conf(5) manual page lists the available hooks, which allow both IPFilter- and ipfw-based packet filtering and NAT. The IPFilter support is enabled by using the ipfilter_* and ipnat_* variables, and the ipfw/natd support is enabled by using the firewall_* and natd_* variables. You can choose which of those to use; sometimes it is even possible to use both IPFilter and ipfw subsystems together, though this should only be done when you are really, really sure what you are doing :) G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If wishes were fishes, the antecedent of this conditional would be true. --NzB8fVQJ5HfG6fxh Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE990l57Ri2jRYZRVMRAsrOAKCGUODPIwyQHvpSroithsUbhp1OMgCdFABY gInvHkU5/k1GPYnnqmsoWQA= =hYub -----END PGP SIGNATURE----- --NzB8fVQJ5HfG6fxh-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021211141937.GA42980>