From owner-freebsd-current  Sat Jan  8 11: 0: 8 2000
Delivered-To: freebsd-current@freebsd.org
Received: from dozer.skynet.be (dozer.skynet.be [195.238.2.36])
	by hub.freebsd.org (Postfix) with ESMTP id 3685914DCD
	for <freebsd-current@FreeBSD.ORG>; Sat,  8 Jan 2000 11:00:05 -0800 (PST)
	(envelope-from blk@skynet.be)
Received: from [195.238.19.211] (dialup211.brussels.skynet.be [195.238.19.211])
	by dozer.skynet.be (8.9.3/odie-relay-v1.0) with ESMTP id TAA22758;
	Sat, 8 Jan 2000 19:59:56 +0100 (MET)
Mime-Version: 1.0
X-Sender: blk@foxbert.skynet.be
Message-Id: <v04220800b49d334378cf@[195.238.21.69]>
In-Reply-To: <200001081603.RAA10786@info.iet.unipi.it>
References: <200001081603.RAA10786@info.iet.unipi.it>
Date: Sat, 8 Jan 2000 19:40:07 +0100
To: Luigi Rizzo <luigi@info.iet.unipi.it>,
	james <death@southcom.com.au>
From: Brad Knowles <blk@skynet.be>
Subject: Re: ipf vs. ipfw
Cc: freebsd-current@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 5:03 PM +0100 2000/1/8, Luigi Rizzo wrote:

>  Other reasons for the switch could be the fact that ipf is stateful
>  (but i am working on adding state to ipfw, if i find proper support
>  - hint, hint), so you can build better things.

	I'm moving towards using ipfilter on our Solaris machines, 
primarily as a "super TCP-Wrappers" solution for improved host 
security, and what I've done so far it looks like the statefulness 
will be extremely useful.  I really appreciate that ipfilter works on 
many different platforms, not just one.

	However, if I can get the good features of ipfilter with ipfw 
under FreeBSD, I'd consider that to be sufficient reason to consider 
using ipfw instead.

-- 
   These are my opinions -- not to be taken as official Skynet policy
  ____________________________________________________________________
|o| Brad Knowles, <blk@skynet.be>            Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin      Rue Col. Bourg, 124   |o|
|o| Phone/Fax: +32-2-706.11.11/12.49         B-1140 Brussels       |o|
|o| http://www.skynet.be                     Belgium               |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
  Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
   Unix is very user-friendly.  It's just picky who its friends are.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message