Date: Thu, 26 Feb 2004 14:40:26 -0500
From: "JJB" <Barbish3@adelphia.net>
To: "Shaun T. Erickson" <ste@ste-land.com>
Cc: freebsd-questions@freebsd.org
Subject: RE: Looking for ipfw info.
Message-ID: <MIEPLLIBMLEEABPDBIEGAEOAFMAA.Barbish3@adelphia.net>
In-Reply-To: <403E4421.7030203@ste-land.com>
-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Shaun T. Erickson
Sent: Thursday, February 26, 2004 2:08 PM
To: Barbish3@adelphia.net
Cc: freebsd-questions@freebsd.org
Subject: Re: Looking for ipfw info.

JJB wrote:

> The problem with all those links is that what they write about is
> outdated and completely mis-directs the reader into using IPFW's
> legacy stateless rules when only stateful rules should be used to
> get the max level of protection.

The rules she gives in her second article most certainly describe creating a stateful firewall.

Yes, for a firewall without a LAN behind it.

> They also completely ignore the
> problem ipfw has with stateful rules not working when the
> divert/naded subroutine call is used. IPFW has a major legacy
> stateful/NAT bug and ipfilter does not.

Can you provide me with links to information that documents this?

There was a very long thread in this questions list that beat this subject to death some time since the start of this year, if I remember correctly.

> Ipfilter provides a much
> higher level of protection in an LAN environment than IPFW can ever
> do in its current state. Even the openbsd pf port is a better
> firewall solution for a firewall with an LAN behind it than IPFW.

Please provide me with links to documentation that objectively compares them, so that I can weigh the merits of what you say.

You have to do your own homework and compare them yourself like I did. Or take my word for it and save yourself a lot of legwork. I have spent 18 months working on this subject before coming to these conclusions. This is not a stab in the dark but the result of much testing and questioning on this list.
You can access this list's archives at

Then search the questions list archives at
http://docs.freebsd.org/mail/archive/2004/freebsd-questions/

Or select one of the other official archives which may be more appropriate:
http://docs.freebsd.org/mail/archive/2004/

These official FBSD archives are not user friendly and do not have search ability.

http://freebsd.rambler.ru/ has search ability, but it does not present the posts in thread form, but in individual posts, which is harder to navigate around.

This is the search URL I use:
http://groups.google.com/groups?hl=en&lr=lang_en&ie=UTF-8&group=lucky.freebsd.questions

It uses the lucky.freebsd.question news group. It's only 8 hours behind the realtime activity on the FBSD questions list. It presents the answers to your search in thread format. Be sure to click on the option to search within this newsgroup, or it will search all newsgroups, which dilutes the results.

When searching the archives, don't bother going back further than 14 months; generally, information older than that is outdated as it does not reflect the current stable release.

> Please don't continue the FBSD's handbook mis-information about IPFW
> being the only FBSD firewall solution or that it's the best
> solution. The handbook is also way behind in its content being
> current and up to date.

As a new FreeBSD user, there's no way I could possibly know that, now is there? I simply passed along what I have found to be useful.

I still need to know the answer to my question about what changes I need to make to my kernel to support a firewall on my server.

There is no mandatory requirement to compile ipfw or ipfilter into your kernel, or that doing so provides any additional security. The loadable module versions work just fine, and only take one comment in rc.conf and a reboot to disable.

www.a1poweruser.com is where you can purchase the complete results of my in-depth research, as soon as I complete the buy now button function. Check back in a week.
-ste

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"