From owner-freebsd-security Thu Mar 8 15: 2: 0 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.marketnews.com (mail.economeister.com [205.183.200.2]) by hub.freebsd.org (Postfix) with ESMTP id 3AE1737B718 for ; Thu, 8 Mar 2001 15:01:57 -0800 (PST) (envelope-from mharding@marketnews.com) Received: from mharding ([205.183.200.45]) by mail.marketnews.com (8.11.0/8.9.3) with SMTP id f28N1Wj98727; Thu, 8 Mar 2001 18:01:32 -0500 (EST) From: "Mason Harding" To: "Nathan Dorfman" , Subject: RE: ipfw or ipf? Date: Thu, 8 Mar 2001 17:55:23 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <20010307190222.A72795@rtfm.net> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I run both IPF and IPFW, they can work together beautifully. I use IPF as my main Statefull packet filter, and IPFW with Dummynet for traffic shaping. Also I use squid for transparent HTTP proxying, and bridging for my DMZ ports(need to be on the same network as the LAN). It gets confusing, but it works perfectly :) Mason -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Nathan Dorfman Sent: Wednesday, March 07, 2001 7:02 PM To: freebsd-security@FreeBSD.ORG Subject: ipfw or ipf? Hi all, What should I know before deciding on one of ipf or IPFW for a -stable machine protecting a small network? >From what I recall, ipf had a few advantages like kernel-space NAT, keeping TCP state, and portability. What does IPFW do better than ipf? Are there any gross downsides to either? Thanks. -- Nathan Dorfman [http://www.rtfm.net] "The light at the end of the tunnel is the headlight of an approaching train." --/usr/games/fortune To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message