From owner-freebsd-questions Fri Jul 7 10:52:50 2000 Delivered-To: freebsd-questions@freebsd.org Received: from mail.mdanderson.org (mail.mdacc.tmc.edu [143.111.87.47]) by hub.freebsd.org (Postfix) with ESMTP id 4AB5837BEF6 for ; Fri, 7 Jul 2000 10:52:42 -0700 (PDT) (envelope-from fosburgh@flash.net) Received: from jefnt (jef-nt.mdacc.tmc.edu [143.111.64.202]) by mail.mdanderson.org (8.9.1b+Sun/8.9.1) with SMTP id MAA11656; Fri, 7 Jul 2000 12:46:32 -0500 (CDT) Message-ID: <011a01bfe83b$bf47c710$ca406f8f@mdacc.tmc.edu> From: "Jonathan Fosburgh" To: , "FREEBSD-Questions" References: <3966015C.FCDCD1F5@telinco.net> Subject: Re: IPFIREWALL or IPFILTER? Date: Fri, 7 Jul 2000 12:49:41 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG ----- Original Message ----- From: "Peter McGarvey" To: "FREEBSD-Questions" Sent: Friday, July 07, 2000 11:12 AM Subject: Q: IPFIREWALL or IPFILTER? > In building a new kernel, I can add support for IPFIREWALL and IPFILTER. > > What I'd like to know is what's the difference? > > And which is better? > > And is both a bad idea? > > The only firewalls I've ever dealt with are of the packet filtering sort > built into routers. But now I'm playing with a FreeBSD box with 3 NICs > so it seems like a good time to learn a bit more about firewalls. > Discovering that FreeBSD supports two I went looking for some sort of > comparison between the two. But couldn't find anything. Hence, the > above questions. > In my own experience, ipfilter is easier to use. Its configuration file syntax is easier for me to understand, and this has allowed me to create a working firewall for my home LAN (running on dialup with dynamic IPs) with no overhead. I can get outside of it (something I couldn't accomplish with ipfirewall) and I can selectively block certain ports from the outside. So faw, I have encountered no problems. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message