Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 11 Dec 2002 16:19:37 +0200
From:      Peter Pentchev <roam@ringlet.net>
To:        Rudy~Rockstar =?windows-1251?Q?=AE?= <rudyrockstar@hotmail.com>
Cc:        doc@FreeBSD.org
Subject:   Re: IPFILTER or IPFIREWALL?
Message-ID:  <20021211141937.GA42980@straylight.oblivion.bg>
In-Reply-To: <F3zyfyz5b6KZmcK8r6b00014a77@hotmail.com>
References:  <F3zyfyz5b6KZmcK8r6b00014a77@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
On Wed, Dec 11, 2002 at 08:42:07AM -0500, Rudy~Rockstar ® wrote:
> hey doc team,
> 
> I was just wondering if
> 
> options IPFILTER  === options IPFIREWALL

No, 'options IPFILTER' brings in support for IPFilter (see the ipf(4),
ipf(8), ipf(5), ipnat(8), ipnat(5) manual pages) , and 'options
IPFIREWALL' brings in support for the FreeBSD-specific ipfw(4)
functionality (see the ipfw(4), ipfw(8), natd(8) manual pages).  Those
are different packet filtering engines with quite similar capabilities,
and there are good things to be said for both.

> As the man page for rc.conf(5) conflicts the handbook howto on natd(8) for 
> FBSD 4.7-RELEASE.
> 
> rc.conf(5) man pg--
> http://www.freebsd.org/cgi/man.cgi?query=rc.conf&apropos=0&sektion=0&manpath=FreeBSD+4.7-RELEASE&format=html
> 
> natd(8) howto --
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/natd.html

How exactly do those conflict?  The rc.conf(5) manual page lists the
available hooks, which allow both IPFilter- and ipfw-based packet
filtering and NAT.  The IPFilter support is enabled by using the
ipfilter_* and ipnat_* variables, and the ipfw/natd support is enabled
by using the firewall_* and natd_* variables.  You can choose which of
those to use; sometimes it is even possible to use both IPFilter and
ipfw subsystems together, though this should only be done when you are
really, really sure what you are doing :)

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
If wishes were fishes, the antecedent of this conditional would be true.

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE990l57Ri2jRYZRVMRAsrOAKCGUODPIwyQHvpSroithsUbhp1OMgCdFABY
gInvHkU5/k1GPYnnqmsoWQA=
=hYub
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021211141937.GA42980>