Date:      Fri, 09 Jun 2000 22:20:35 +0200
From:      Roelof Osinga <roelof@nisser.com>
To:        Marc Silver <marcs@draenor.org>
Cc:        Steve Coles <scoles@tripos.com>, questions@FreeBSD.ORG
Subject:   Re: Relative merits of IPFIREWALL and IPFILTER
Message-ID:  <39415193.74529252@nisser.com>
References:  <0f4a01bfd229$00605ab0$4c9814ac@volga.TRIPOS.COM> <39413FFB.85A522F6@nisser.com> <20000609211149.C81376@draenor.org> <39414492.ACFF042A@nisser.com> <20000609212713.F81376@draenor.org>


Marc Silver wrote:
> 
> *nod*
> 
> Just some examples are:
> 
> # Check state of all stateful connections
> ipfw add check-state
> 
> # Allow in any packets that are part of an existing connection
> ipfw add pass tcp from any to x.x.x.x in via rl0 established
> 
> # Allow outbound tcp/udp packets with state
> ipfw add allow tcp from x.x.x.x to any out via rl0 keep-state setup
> ipfw add allow udp from x.x.x.x to any out via rl0 keep-state
> ipfw add allow icmp from x.x.x.x to any out via rl0 keep-state
> 
> I only recently found out about it too...  :)

Yeah, well, it sorta comes back to me. Now that you mention
it <g>. A while ago there was this DoS attack that could not
be blocked by ipfw but could be stopped by ipf. Say a month
later there was indeed an announcement regarding ipfw. Ah well <g>.

But with that difference gone there are only 'minor' differences
left. Most notably the control language. Ipf's looks more
complete. It also looks to have more capabilities regarding
looking into packets. E.g. making decisions based on the TTL.
Maybe that the dup-to can do more than divert can. Then again,
I'll be glad to be educated on that aspect, too ;).

Roelof

-- 
-----------------------------------------------------------------------
Eboa (ingenieursburo Office Automation)      web. http://eboa.com/

