From: "fbsd_user"
Reply-To: fbsd_user@a1poweruser.com
To: "Emmanuel Gravel"
Date: Fri, 5 Dec 2003 10:30:45 -0500
Subject: RE: What exactly is ipfilter?

FBSD comes with two firewall applications built into the base release: IPFW and IPFILTER. IPFW is an FBSD in-house project which authored IPFW, so the handbook leads the reader into thinking it's the only firewall in FBSD. IPFW has just gone through a rewrite and a bunch of code bloat was added in the form of new rule options targeted at the professional FBSD user. It still contains the NATD stateful bug and the stateless and simple stateful rule formats.
These rule formats do not provide the level of firewall security necessary to protect your private network.

I have used both firewalls and have found that IPFILTER has a cleaner stateful rule format and in general is much easier to configure. The NAT process is done outside of the firewall, whereas IPFW performs the NAT process as a subroutine called from within the filter rules.

Go with IPFILTER; you will be glad you did.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Emmanuel Gravel
Sent: Friday, December 05, 2003 12:38 AM
To: freebsd-questions@freebsd.org
Subject: What exactly is ipfilter?

I'm looking through rc.conf and the kernel config file for FreeBSD 4.9 (recently downloaded it, my last upgrade was 4.5 so I was way behind, and this is a new install because my old firewall died). I'm used to using ipfw and natd for my firewall, but now I'm seeing ipfilter, ipnat and ipmon. I've done a Google search on all of www.freebsd.org for ipfilter, but it only seems to show up in release notes, and the online handbook doesn't really talk about it.

Since I haven't recompiled my new kernel, should I consider this instead of ipfw and natd? What's the difference, exactly?

On a related note, I'm not sure what the usefulness of IPDIVERT is either, so I don't know if I should compile it in the kernel or not.

Thanks!
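
The two arrangements discussed in this thread, side by side, as an added configuration sketch that is not part of the original messages. The outside interface name xl0, the 192.168.1.0/24 LAN, the rule numbers and the rule file paths are assumptions chosen for illustration.

```conf
# --- IPFW + natd: NAT is reached through a rule inside the filter ruleset ---
# kernel config file
options IPFIREWALL
options IPDIVERT          # provides the divert socket that natd listens on
# /etc/rc.conf
firewall_enable="YES"
natd_enable="YES"
natd_interface="xl0"      # assumed outside interface
# ruleset: the divert rule hands each packet on xl0 to natd; after
# translation the packet re-enters the ruleset at the next rule number
ipfw add 100 divert natd ip from any to any via xl0
# ... filter rules follow here and see the packet after natd has rewritten it

# --- IPFILTER: filtering (ipf) and NAT (ipnat) use separate rule files ---
# kernel config file
options IPFILTER
options IPFILTER_LOG      # lets ipmon read packets matched by "log" rules
# /etc/rc.conf
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
ipmon_enable="YES"
# /etc/ipnat.rules: translate the LAN to whatever address xl0 holds (0/32)
map xl0 192.168.1.0/24 -> 0/32
# /etc/ipf.rules: stateful outbound, everything unsolicited inbound is dropped
pass out quick on xl0 proto tcp from any to any flags S keep state
pass out quick on xl0 proto udp from any to any keep state
block in log quick on xl0 all
```

IPDIVERT is only needed in the first arrangement, because the `divert` rule is what connects ipfw to natd; the IPFILTER arrangement loads its NAT mappings with ipnat and has no divert rule.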