Date: Wed, 21 Nov 2001 18:19:29 +0100 From: Bart Matthaei <bart@dreamflow.nl> To: freebsd-security@rikrose.net Cc: security@freebsd.org Subject: Re: Best security topology for FreeBSD Message-ID: <20011121181929.A15275@heresy.dreamflow.nl> In-Reply-To: <Pine.LNX.4.21.0111211653410.8343-100000@pkl.net>; from freebsd-security@rikrose.net on Wed, Nov 21, 2001 at 05:01:15PM %2B0000 References: <7052044C7D7AD511A20200508B5A9C585169B6@MAGRAT> <Pine.LNX.4.21.0111211653410.8343-100000@pkl.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--CE+1k2dSO48ffgeK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, Nov 21, 2001 at 05:01:15PM +0000, freebsd-security@rikrose.net wrote: > Basically, ipfw doesn't give as much control over the packets and > filtering as ipfilter, so use both. Care to explain why ? I think ipfw/ipf handle packets just as well.. The only thing i recall is a story about ipfw sending packets trough userland (?!). But thats just a vague story i've read somewhere. I dont see why ipfw can't do what he needs. Ipfw works pretty well with NAT, and it's good with traffic shaping. And I personally haven't had any troubles with ipfw filtering. Regards, B. -- Bart Matthaei bart@dreamflow.nl /* Welcome to my world.. You just live in it */ --CE+1k2dSO48ffgeK Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7++Ihgcc6pR+tCegRAhQUAKC0OftBR5KxsuzRMHhOiM+Sk1+mkwCfScoD M1a8XMAm7VnxvCpMiQmWCq0= =V4E3 -----END PGP SIGNATURE----- --CE+1k2dSO48ffgeK-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011121181929.A15275>