From owner-freebsd-security Sat Jun 22 09:44:01 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id JAA17804 for security-outgoing; Sat, 22 Jun 1996 09:44:01 -0700 (PDT)
Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id JAA17787 for ; Sat, 22 Jun 1996 09:43:59 -0700 (PDT)
Received: from post.io.org (post.io.org [198.133.36.6]) by who.cdrom.com (8.6.12/8.6.11) with ESMTP id JAA27454 for ; Sat, 22 Jun 1996 09:43:57 -0700
Received: from zap.io.org (taob@zap.io.org [198.133.36.81]) by post.io.org (8.7.5/8.7.3) with SMTP id MAA25903; Sat, 22 Jun 1996 12:39:45 -0400 (EDT)
Date: Sat, 22 Jun 1996 12:40:44 -0400 (EDT)
From: Brian Tao
To: Darren Reed
cc: FREEBSD-SECURITY-L
Subject: Re: IPFW vs. IP Filter?
In-Reply-To: <199606221557.LAA16392@io.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 23 Jun 1996, Darren Reed wrote:
>
> It might make it a bit difficult on the human side to work out which
> is doing what, however, so I'd be tempted to use one or the other.

Yeah... I think I'm going to try ipfilter out, since some of the local NetBSD security folks in town recommend it highly. Now to figure out how to get it installed here. I'm not grokking how lkm's are supposed to be built... the INSTALL.xBSD instructions don't work. I'll fiddle with it some more before I pester you with more questions. :)

BTW, this is in the ipfw man page:

| There is one kind of packet that the firewall will always discard, that
| is an IP fragment with a fragment offset of one. This is a valid packet,
| but it only has one use, to try to circumvent firewalls.

I assume ipfilter does this as well?

--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"
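
The fragment check quoted from the ipfw man page, sketched as an added example that is not part of the original message and is not ipfw or ipfilter source code. Limiting the drop to TCP follows the RFC 1858 recommendation and is an assumption beyond the quoted man page text; `check_fragment`, `verdict_for` and the sample packets are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROTO_TCP 6        /* IANA protocol number for TCP */
#define PROTO_UDP 17
#define OFFSET_MASK 0x1fff /* low 13 bits of the flags/offset word */
#define FLAG_MF 0x2000     /* "more fragments" bit */

enum verdict { PASS, DROP_BOGUS_FRAG, DROP_MALFORMED };

/* Hypothetical filter hook: classify one raw IPv4 packet. */
enum verdict check_fragment(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return DROP_MALFORMED;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len)
        return DROP_MALFORMED;
    /* Bytes 6-7: three flag bits, then the offset in 8-byte units. */
    uint16_t offset = (uint16_t)(((pkt[6] << 8) | pkt[7]) & OFFSET_MASK);
    /* Offset 1 places data at byte 8 of the TCP header, so reassembly
     * could replace the flags (byte 13) a filter saw in fragment 0. */
    if (offset == 1 && pkt[9] == PROTO_TCP)
        return DROP_BOGUS_FRAG;
    return PASS;
}

/* Constructed sample: 20-byte header (checksum left zero) + 8 payload bytes. */
enum verdict verdict_for(uint8_t proto, uint16_t frag_word)
{
    uint8_t pkt[28];
    memset(pkt, 0, sizeof pkt);
    pkt[0] = 0x45;                      /* version 4, IHL 5 */
    pkt[3] = (uint8_t)sizeof pkt;       /* total length */
    pkt[6] = (uint8_t)(frag_word >> 8);
    pkt[7] = (uint8_t)(frag_word & 0xff);
    pkt[8] = 64;                        /* TTL */
    pkt[9] = proto;
    return check_fragment(pkt, sizeof pkt);
}

int main(void)
{
    printf("TCP offset 1: %d\n", verdict_for(PROTO_TCP, 1));
    printf("TCP first fragment: %d\n", verdict_for(PROTO_TCP, FLAG_MF));
    printf("UDP offset 1: %d\n", verdict_for(PROTO_UDP, 1));
    return 0;
}
```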