From owner-freebsd-questions  Sun Oct 29 18: 2: 6 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail0.lig.bellsouth.net (mail0.lig.bellsouth.net [205.152.0.90])
	by hub.freebsd.org (Postfix) with ESMTP id 60C5D37B479
	for <FreeBSD-questions@FreeBSD.ORG>; Sun, 29 Oct 2000 18:02:00 -0800 (PST)
Received: from prokyon.com (adsl-61-148-46.int.bellsouth.net [208.61.148.46])
	by mail0.lig.bellsouth.net (3.3.5alt/0.75.2) with ESMTP id VAA26747;
	Sun, 29 Oct 2000 21:01:41 -0500 (EST)
Message-ID: <39FCD635.9BA3A1B7@prokyon.com>
Date: Sun, 29 Oct 2000 21:00:21 -0500
From: Chris Browning <brownicm@prokyon.com>
X-Mailer: Mozilla 4.73 [en] (X11; I; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Jaroshenko Serge <jaroshenko@mail.ru>
Cc: James Wilde <james.wilde@telia.com>,
	FreeBSD-questions@FreeBSD.ORG
Subject: Re: IPFW vs IP-Filter
References: <Pine.BSF.4.21.0010251652450.27693-100000@freebsd.merlin.ru>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Jaroshenko Serge wrote:
> 
> On Wed, 25 Oct 2000, James Wilde wrote:
> 
> > I've checked the handbook and other sources on IPFW and IP-Filter and I
> > would appreciate some comments on the two.
> >
> > I assume that one uses either/or and not both.  IPFW is compiled into the
> > kernel but IP-Filter runs as an application.
> 
> ipfilter is compiled into kernel -  see LINT :
> 
> options         IPFIREWALL              #firewall
> options         IPFIREWALL_VERBOSE      #print information about
>                                         # dropped packets
> options         IPFIREWALL_FORWARD      #enable transparent proxy support
> options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
> options         IPFIREWALL_DEFAULT_TO_ACCEPT
> options         IPDIVERT                #divert sockets
> options         IPFILTER                #ipfilter support
> options         IPFILTER_LOG            #ipfilter logging
> options         IPSTEALTH               #support for stealth forwarding
> 

I picked up an extra low-end box and was just about to begin
playing with ipf. I've been using ipfw for about 9 months
and have been happy, but, you know...

If I'm not mistaken, I interpret this post as saying that I
need the ipfw kernel options to run ipf. I had assumed that
only the ipf options were necessary. What's up here? I'm
glad I ran across this.

-- 
------------------------
Chris Browning
brownicm@prokyon.com
------------------------


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message