From owner-freebsd-security Wed Nov 21 8:49:39 2001 Delivered-To: freebsd-security@freebsd.org Received: from kumquat.mail.uk.easynet.net (kumquat.mail.uk.easynet.net [195.40.1.42]) by hub.freebsd.org (Postfix) with ESMTP id EAE9937B42B for ; Wed, 21 Nov 2001 08:49:35 -0800 (PST) Received: from magrat.office.easynet.net ([195.40.3.130]) by kumquat.mail.uk.easynet.net with esmtp (Exim 3.33 #1) id 166aYz-0004ux-00; Wed, 21 Nov 2001 16:49:29 +0000 Received: by MAGRAT with Internet Mail Service (5.5.2653.19) id ; Wed, 21 Nov 2001 16:49:25 -0000 Message-ID: <7052044C7D7AD511A20200508B5A9C585169B6@MAGRAT> From: Lee Brotherston To: 'Fernando Germano' , security@FreeBSD.ORG Subject: RE: Best security topology for FreeBSD Date: Wed, 21 Nov 2001 16:49:24 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org | I'm about to install a FreeBSD 4.4 box with some firewall and | I need to know | wich one of the freeware firewalls product is the best (IPFW, | IPFilter, | etc), or maybe if you could recomend me a good solution for | this situation: I would say that IPFilter is your best option at the moment. It is very rich in features and I believe it has some NAT-specific functionality built into it, although I've never used the NAT stuff so I can't vouch for it personally. You can also compile to kernel to use both ipfw and ipfilter for the best of both worlds. When you do this, I am not sure which one get's passed the packet first however. Thanks Lee -- Lee Brotherston - IP Security Manager, Easynet Ltd http://www.easynet.net/ Phone: +44 20 7900 4444 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message