From owner-freebsd-security  Sat Jun 22 08:58:02 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id IAA14329
          for security-outgoing; Sat, 22 Jun 1996 08:58:02 -0700 (PDT)
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id IAA14322
          for <freebsd-security@FreeBSD.org>; Sat, 22 Jun 1996 08:57:58 -0700 (PDT)
Message-Id: <199606221557.IAA14322@freefall.freebsd.org>
Received: by cheops.anu.edu.au
	(1.37.109.16/16.2) id AA263449054; Sun, 23 Jun 1996 01:57:34 +1000
From: Darren Reed <avalon@coombs.anu.edu.au>
Subject: Re: IPFW vs. IP Filter?
To: guido@gvr.win.tue.nl (Guido van Rooij)
Date: Sun, 23 Jun 1996 01:57:34 +1000 (EST)
Cc: taob@io.org, freebsd-security@FreeBSD.org
In-Reply-To: <199606221519.RAA05233@gvr.win.tue.nl> from "Guido van Rooij" at Jun 22, 96 05:19:02 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

In some mail from Guido van Rooij, sie said:
> 
> Brian Tao wrote:
> >     I'm setting up a FreeBSD-based firewall here, and my original plan
> > was to go with IPFW in the kernel.  However, it seems there isn't any
> > recent documentation for it (both the man page and the handbook entry
> > are out of date).  IP Filter 3.0.4 (http://coombs.anu.edu.au/~avalon/)
> > also looks very nice, and Andrew Stesin recently recommended it here.
> > 
> >     Should I disable IPFW in the kernel and put IP Filter in its place
> > then, or can (should?) the two coexist?  My main beef is that the IPFW
> > documentation is rather lacking, and /usr/src/sbin/ipfw/ipfw.c isn't
> > helpfully commented.  Suggestions appreciated.  Thanks.
> 
> I have a router with both ipfilter and ipfw. However, it is an early
> version of ipfilter. I think it can cooperate well, though I havent looked
> at the sources recently. You can ask Daren Reed, the auithor of

There's 2 r's in Darren :-)

> ipfilter (avalon@coombs.anu.edu.au). I think he's also using FreeBSD
> these days.

He is indeed (but currently bitching about how Linux kernels - 2.0 - still
builds in a brain dead fashion, so you can rest easy there, folks).

It is quite possible that both could be put on and work (ipfilter & ipfw).

It might make it a bit difficult on the human side to work out which is doing
what, however, so I'd be tempted to use one or the other.

Cheers,
Darren