From owner-freebsd-questions Fri Jul 7 11:35: 0 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from relay1.inwind.it (relay1.inwind.it [212.141.53.67]) by hub.freebsd.org (Postfix) with ESMTP id 09EAD37C068 for ; Fri, 7 Jul 2000 11:34:49 -0700 (PDT) (envelope-from bartequi@inwind.it)
Received: from bartequi.ottodomain.org (212.141.78.224) by relay1.inwind.it; 7 Jul 2000 20:34:46 +0200
From: Salvo Bartolotta
Date: Fri, 07 Jul 2000 19:35:29 GMT
Message-ID: <20000707.19352900@bartequi.ottodomain.org>
Subject: Re: Q: IPFIREWALL or IPFILTER?
To: Peter.McGarvey@telinco.net
Cc: freebsd-questions@FreeBSD.ORG
In-Reply-To: <3966015C.FCDCD1F5@telinco.net>
References: <3966015C.FCDCD1F5@telinco.net>
X-Mailer: SuperCalifragilis
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 7/7/00, 5:12:12 PM, Peter McGarvey wrote regarding Q: IPFIREWALL or IPFILTER?:

> In building a new kernel, I can add support for IPFIREWALL and IPFILTER.
> What I'd like to know is what's the difference?
> And which is better?
> And is both a bad idea?
>
> The only firewalls I've ever dealt with are of the packet filtering sort
> built into routers. But now I'm playing with a FreeBSD box with 3 NICs
> so it seems like a good time to learn a bit more about firewalls.
> Discovering that FreeBSD supports two I went looking for some sort of
> comparison between the two. But couldn't find anything. Hence, the
> above questions.
>
> --
> TTFN, FNORD
> Peter McGarvey, Unix Administrator
> Network Operations Center, Telinco Limited

Dear Peter McGarvey,

I would not like to start a theological dispute in the least :-)

Both of them can be configured with stateful rules.
My (as yet limited) understanding is that, essentially, they perform analogous functions albeit ipfilter seems to be slightly more flexible. BTW, as an exercise, I am developing solutions based on both.

You may wish to have a look at Marc's tutorial (on ipfw), which is found at http://www.freeebsd.org/tutorials/dialup-firewall: mutatis mutandis, it will provide an excellent starting point; other general information (about firewalls) is found in the handbook.

You might also want to read the relevant man pages (security(7); ipfw(8); ipf(1,4,5)), and/or browse a few sites dealing with security (e.g. http://www.cert.org); as regards ipfilter at large, you may wish to begin reading http://www.linuxsecurity.com/resource_files/firewalls/ipf-howto.txt; in addition, you will want to search the archives, in particular -security, and gather further (more or less theological) information.

One last note.
A couple of days ago a dangerous network-related bug was detected: you may wish to retrieve kern/19722.

HTH just a tiny bit,
Salvo