From: "Shaun T. Erickson"
Date: Thu, 26 Feb 2004 14:08:17 -0500
To: Barbish3@adelphia.net
cc: freebsd-questions@freebsd.org
Subject: Re: Looking for ipfw info.
Message-ID: <403E4421.7030203@ste-land.com>

JJB wrote:

> The problem with all those links is that what they write about is
> outdated and completely misdirects the reader into using IPFW's
> legacy stateless rules when only stateful rules should be used to
> get the max level of protection.

The rules she gives in her second article most certainly describe creating a stateful firewall.

> They also completely ignore the
> problem ipfw has with stateful rules not working when the
> divert/naded subroutine call is used. IPFW has a major legacy
> stateful/NAT bug and ipfilter does not.

Can you provide me with links to information that documents this?

> Ipfilter provides a much
> higher level of protection in an LAN environment than IPFW can ever
> do in its current state. Even the openbsd pf port is a better
> firewall solution for a firewall with an LAN behind it than IPFW.

Please provide me with links to documentation that objectively compares them, so that I can weigh the merits of what you say.

> Please don't continue the FBSD's handbook misinformation about IPFW
> being the only FBSD firewall solution or that it's the best
> solution. The handbook is also way behind in its content being
> current and up to date.

As a new FreeBSD user, there's no way I could possibly know that, now is there? I simply passed along what I have found to be useful.

I still need to know the answer to my question about what changes I need to make to my kernel to support a firewall on my server.

-ste