Date: Wed, 11 Dec 2002 16:19:37 +0200
From: Peter Pentchev
To: Rudy~Rockstar ®
Cc: doc@FreeBSD.org
Subject: Re: IPFILTER or IPFIREWALL?
Message-ID: <20021211141937.GA42980@straylight.oblivion.bg>

On Wed, Dec 11, 2002 at 08:42:07AM -0500, Rudy~Rockstar ® wrote:
> hey doc team,
>
> I was just wondering if
>
> options IPFILTER === options IPFIREWALL

No, 'options IPFILTER' brings in support for IPFilter (see the ipf(4), ipf(8), ipf(5), ipnat(8), ipnat(5) manual pages), and 'options IPFIREWALL' brings in support for the FreeBSD-specific ipfw(4) functionality (see the ipfw(4), ipfw(8), natd(8) manual pages). Those are different packet filtering engines with quite similar capabilities, and there are good things to be said for both.

> As the man page for rc.conf(5) conflicts the handbook howto on natd(8) for
> FBSD 4.7-RELEASE.
>
> rc.conf(5) man pg--
> http://www.freebsd.org/cgi/man.cgi?query=rc.conf&apropos=0&sektion=0&manpath=FreeBSD+4.7-RELEASE&format=html
>
> natd(8) howto --
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/natd.html

How exactly do those conflict? The rc.conf(5) manual page lists the available hooks, which allow both IPFilter- and ipfw-based packet filtering and NAT. The IPFilter support is enabled by using the ipfilter_* and ipnat_* variables, and the ipfw/natd support is enabled by using the firewall_* and natd_* variables. You can choose which of those to use; sometimes it is even possible to use both IPFilter and ipfw subsystems together, though this should only be done when you are really, really sure what you are doing :)

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If wishes were fishes, the antecedent of this conditional would be true.
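
The rc.conf(5) hooks described in the reply above, as an added example that is not part of the original message: a shell check that reads an rc.conf-style file without executing it and reports whether its ipfilter_*/ipnat_* variables, its firewall_*/natd_* variables, or both are switched on. The function names and the sample file are constructed for illustration; the *_enable knobs are the rc.conf(5) variables behind those prefixes.

```shell
#!/bin/sh
# Added example (not from the original message): classify an rc.conf-style
# file by which packet-filter hooks it enables, without sourcing the file.

# rc_value FILE NAME -> last value assigned to NAME, quotes stripped
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# rc_on FILE NAME -> success when NAME is set to YES (any letter case)
rc_on() {
    case "$(rc_value "$1" "$2")" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# rc_engines FILE -> prints none, ipfilter, ipfw or both
rc_engines() {
    ipf=0 ipfw=0
    # ipfilter_* / ipnat_* drive IPFilter (kernel: options IPFILTER)
    if rc_on "$1" ipfilter_enable || rc_on "$1" ipnat_enable; then ipf=1; fi
    # firewall_* / natd_* drive ipfw and natd (kernel: options IPFIREWALL)
    if rc_on "$1" firewall_enable || rc_on "$1" natd_enable; then ipfw=1; fi
    case "$ipf$ipfw" in
        00) echo none ;;
        10) echo ipfilter ;;
        01) echo ipfw ;;
        11) echo both ;;   # both engines see traffic: review rule order
    esac
}

# Constructed sample: ipfw with natd active, IPFilter lines off or commented.
sample=$(mktemp)
cat > "$sample" <<'EOF'
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="fxp0"   # constructed interface name
#ipfilter_enable="YES"
ipnat_enable="NO"
EOF
rc_engines "$sample"
rm -f "$sample"
```

Commented-out assignments are ignored and the last assignment of a variable wins, matching how a later line in rc.conf overrides an earlier one.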