From owner-freebsd-questions  Fri Oct 12  8:52:54 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from pickup2-ld.pvd.loa.net (pickup.loa.com [199.171.167.59])
	by hub.freebsd.org (Postfix) with SMTP id 4811F37B40B
	for <freebsd-questions@freebsd.org>; Fri, 12 Oct 2001 08:52:43 -0700 (PDT)
Received: (qmail 23977 invoked by uid 0); 12 Oct 2001 15:52:41 -0000
Received: from unknown (HELO pretorian) ([208.130.43.221]) (envelope-sender <?>)
          by pickup2-ld.pvd.loa.net (qmail-ldap-1.03) with SMTP
          for <>; 12 Oct 2001 15:52:41 -0000
Message-ID: <002101c15335$f1d49ee0$24b4a8c0@pretorian>
From: "Maine LOA List Admin (Brent Bailey)" <brentb@loa.com>
To: "Thomas T. Veldhouse" <veldy@veldy.net>,
	"Alfatrion" <alfatrion@cybertron.tmfweb.nl>
Cc: "Hartmann, O." <ohartman@klima.physik.uni-mainz.de>,
	<freebsd-stable@freebsd.org>, <freebsd-questions@freebsd.org>
References: <20011012154307.O52936-100000@klima.physik.uni-mainz.de> <003601c15328$db264480$24b4a8c0@pretorian> <3BC700CE.8000201@cybertron.tmfweb.nl> <010001c15331$23f1da00$3028680a@tgt.com>
Subject: Re: IPFW or IPFILTER?
Date: Fri, 12 Oct 2001 11:52:49 -0400
Organization: Log On America
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

i guess its a matter of opinion

B
----- Original Message -----
From: "Thomas T. Veldhouse" <veldy@veldy.net>
To: "Alfatrion" <alfatrion@cybertron.tmfweb.nl>; "Maine LOA List Admin
(Brent Bailey)" <brentb@loa.com>
Cc: "Hartmann, O." <ohartman@klima.physik.uni-mainz.de>;
<freebsd-stable@freebsd.org>; <freebsd-questions@freebsd.org>
Sent: Friday, October 12, 2001 11:18 AM
Subject: Re: IPFW or IPFILTER?


> ipfw add check-state
> .
> .
> .
> ipfw add pass tcp from any to any via tun0 out keep-state
>
> However, if you plan to use NAT, I highly recommend IPFilter -- it is "in
> kernel", so there is not a transition from kernel -> userland -> kernel.
> Also, natd is quirky and can cause "failed to write back packet" (IIRC)
when
> not configured "perfectly".  The samples in the /etc/rc.firewall file
cause
> this error message.
>
> Tom Veldhouse
> veldy@veldy.net
>
>
> > I find IPF more configurable as IPFW. I don't know how to do the
> > folowing in IPFW: pass out quick on tun0 proto tcp from any to any keep
> > state.
> >
> > Alex
> >
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-stable" in the body of the message
> >
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message