Date: Thu, 8 Mar 2001 17:55:23 -0500 From: "Mason Harding" <mharding@marketnews.com> To: "Nathan Dorfman" <nathan@rtfm.net>, <freebsd-security@FreeBSD.ORG> Subject: RE: ipfw or ipf? Message-ID: <BGENLPKDCIBENFNNNAIDEEMFCAAA.mharding@marketnews.com> In-Reply-To: <20010307190222.A72795@rtfm.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I run both IPF and IPFW, they can work together beautifully. I use IPF as my main Statefull packet filter, and IPFW with Dummynet for traffic shaping. Also I use squid for transparent HTTP proxying, and bridging for my DMZ ports(need to be on the same network as the LAN). It gets confusing, but it works perfectly :) Mason -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Nathan Dorfman Sent: Wednesday, March 07, 2001 7:02 PM To: freebsd-security@FreeBSD.ORG Subject: ipfw or ipf? Hi all, What should I know before deciding on one of ipf or IPFW for a -stable machine protecting a small network? >From what I recall, ipf had a few advantages like kernel-space NAT, keeping TCP state, and portability. What does IPFW do better than ipf? Are there any gross downsides to either? Thanks. -- Nathan Dorfman <nathan@rtfm.net> [http://www.rtfm.net] "The light at the end of the tunnel is the headlight of an approaching train." --/usr/games/fortune To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BGENLPKDCIBENFNNNAIDEEMFCAAA.mharding>