Date:      Fri, 5 Dec 2003 10:30:45 -0500
From:      "fbsd_user" <fbsd_user@a1poweruser.com>
To:        "Emmanuel Gravel" <mailinglistseg@earthlink.net>, <freebsd-questions@freebsd.org>
Subject:   RE: What exactly is ipfilter?
Message-ID:  <MIEPLLIBMLEEABPDBIEGKEKFEPAA.fbsd_user@a1poweruser.com>
In-Reply-To: <1070602696.3909.9.camel@hades>

FBSD comes with two firewall applications built into the base
release: IPFW and IPFILTER. IPFW is an FBSD in-house project which
authored IPFW so the handbook leads the reader into thinking it's
the only firewall in FBSD. IPFW has just gone through a rewrite and
a bunch of code bloat was added in the form of new rule options
targeted at the professional FBSD user. It still contains the NATD
stateful bug and the stateless and simple stateful rule formats.
These rule formats do not provide the level of firewall security
necessary to protect your private network. I have used both
firewalls and have found that IPFILTER has a cleaner stateful rule
format and in general is much easier to configure. The NAT process
is done outside of the firewall, whereas IPFW performs the NAT
process as a subroutine called from within the filter rules. Go with
IPFILTER; you will be glad you did.


-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Emmanuel Gravel
Sent: Friday, December 05, 2003 12:38 AM
To: freebsd-questions@freebsd.org
Subject: What exactly is ipfilter?

I'm looking through rc.conf and the kernel config file for FreeBSD 4.9
(recently downloaded it, my last upgrade was 4.5 so I was way behind,
and this is a new install because my old firewall died). I'm used to
using ipfw and natd for my firewall, but now I'm seeing ipfilter, ipnat
and ipmon. I've done a Google search on all of www.freebsd.org for
ipfilter, but it only seems to show up in release notes, and the online
handbook doesn't really talk about it. Since I haven't recompiled my new
kernel, should I consider this instead of ipfw and natd? What's the
difference, exactly?

On a related note, I'm not sure what the usefulness of IPDIVERT is
either, so I don't know if I should compile it in the kernel or not.

Thanks!
