From: "JJB"
To: "Shaun T. Erickson"
Date: Thu, 26 Feb 2004 13:57:13 -0500
Subject: RE: Looking for ipfw info.
In-Reply-To: <403E38B3.9050401@ste-land.com>
Reply-To: Barbish3@adelphia.net

The problem with all those links is that what they write about is outdated and completely misdirects the reader into using IPFW's legacy stateless rules when only stateful rules should be used to get the max level of protection. They also completely ignore the problem ipfw has with stateful rules not working when the divert/natd subroutine call is used. IPFW has a major legacy stateful/NAT bug and ipfilter does not. Ipfilter provides a much higher level of protection in a LAN environment than IPFW can ever do in its current state.
Even the OpenBSD pf port is a better firewall solution for a firewall with a LAN behind it than IPFW.

Please don't continue the FBSD handbook's misinformation about IPFW being the only FBSD firewall solution or that it's the best solution. The handbook is also way behind in its content being current and up to date.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Shaun T. Erickson
Sent: Thursday, February 26, 2004 1:20 PM
To: freebsd-questions@freebsd.org
Subject: Re: Looking for ipfw info.

I wrote:
> I have read the following 5 excellent articles on ipfw, by Dru Lavigne.

I forgot to include the links. Here they are:

BSD Firewalls: IPFW
http://www.onlamp.com/pub/a/bsd/2001/04/25/FreeBSD_Basics.html

BSD Firewalls: IPFW Rulesets
http://www.onlamp.com/pub/a/bsd/2001/05/09/FreeBSD_Basics.html

BSD Firewalls: Fine-Tuning Rulesets
http://www.onlamp.com/pub/a/bsd/2001/06/01/FreeBSD_Basics.html

IPFW Logging
http://www.onlamp.com/pub/a/bsd/2001/06/21/FreeBSD_Basics.html

Monitoring IPFW Logs
http://www.onlamp.com/pub/a/bsd/2001/07/05/FreeBSD_Basics.html

-ste
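
Added example, not part of the thread: the stateless/stateful distinction the reply draws, shown as two constructed ipfw rulesets and a small checker that flags pass rules relying on `established` or creating no dynamic rule. The rulesets, the interface name dc0 and the function name `audit` are assumptions made for illustration.

```python
# Added example; the rulesets are constructed and the interface name dc0 is assumed.
LEGACY_STATELESS = """\
add 100 allow ip from any to any via lo0
add 200 allow tcp from any to any established
add 300 allow tcp from any to any 80 out via dc0 setup
add 400 allow udp from any to any 53 out via dc0
add 410 allow udp from any 53 to any in via dc0
add 900 deny log ip from any to any
"""

STATEFUL = """\
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow tcp from any to any 80 out via dc0 setup keep-state
add 400 allow udp from any to any 53 out via dc0 keep-state
add 900 deny log ip from any to any
"""

PASS_ACTIONS = {"allow", "accept", "pass", "permit"}  # synonyms in ipfw(8)
STATE_OPTIONS = {"keep-state", "limit"}               # options that create dynamic rules


def audit(ruleset):
    """Return [(rule_number, finding)] for pass rules that keep no state."""
    findings = []
    for line in ruleset.splitlines():
        tok = line.split("#", 1)[0].split()
        if tok[:1] == ["ipfw"]:          # accept "ipfw add ..." script lines too
            tok = [t for t in tok[1:] if not t.startswith("-")]
        if len(tok) < 3 or tok[0] != "add":
            continue
        # The rule number is optional in ipfw; None means "auto-numbered".
        num = int(tok[1]) if tok[1].isdigit() else None
        rest = tok[2:] if num is not None else tok[1:]
        action, body = rest[0], rest[1:]
        if action not in PASS_ACTIONS or "lo0" in body:
            continue                     # deny rules and loopback need no state
        if "established" in body:
            findings.append((num, "stateless: matches any packet with ACK or RST set"))
        elif not STATE_OPTIONS & set(body):
            findings.append((num, "stateless: pass rule creates no dynamic rule"))
    return findings


if __name__ == "__main__":
    for name, rules in (("legacy", LEGACY_STATELESS), ("stateful", STATEFUL)):
        print(name, audit(rules))
```

In the legacy set, rule 410 has to admit any UDP packet with source port 53 to let DNS replies back in; in the stateful set the `keep-state` on rule 400 admits only replies to queries that were actually sent.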