From owner-freebsd-security  Sun Jul 30 20:49: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from superconductor.rush.net (superconductor.rush.net [208.9.155.8])
	by hub.freebsd.org (Postfix) with ESMTP id 5DF6C37B81E
	for <freebsd-security@FreeBSD.ORG>; Sun, 30 Jul 2000 20:49:02 -0700 (PDT)
	(envelope-from trish@bsdunix.net)
Received: from localhost (trish@localhost)
	by superconductor.rush.net (8.9.3/8.9.3) with ESMTP id XAA23969;
	Sun, 30 Jul 2000 23:48:14 -0400 (EDT)
Date: Sun, 30 Jul 2000 23:48:14 -0400 (EDT)
From: Siobhan Patricia Lynch <trish@bsdunix.net>
X-Sender: trish@superconductor.rush.net
To: Bill Fumerola <billf@chimesnet.com>
Cc: Miklos Niedermayer <mico@bsd.hu>, Mike Hoskins <mike@adept.org>,
	Darren Reed <avalon@coombs.anu.edu.au>,
	Pavol Adamec <pavol_adamec@tempest.sk>, freebsd-security@FreeBSD.ORG
Subject: Re: ipf or ipfw (was: log with dynamic firewall rules)
In-Reply-To: <20000730122718.P5021@jade.chc-chimes.com>
Message-ID: <Pine.BSO.4.21.0007302347070.21752-100000@superconductor.rush.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

heh, remember which sites we are running with ipfw in front of it?

maybe theres a problem when its all on the same box ;)

-trish

__

Trish Lynch
FreeBSD - The Power to Serve 		trish@bsdunix.net
Rush Networking				trish@rush.net

On Sun, 30 Jul 2000, Bill Fumerola wrote:

> On Sat, Jul 29, 2000 at 07:48:21PM +0200, Miklos Niedermayer wrote:
> 
> > > The only real reason I've heard ipf reccomended since ipfw got
> > > keep-state/check-state is ipnat.
> > 
> > I think that ipfw's statefullness is in a very early stage.
> 
> It's unusable for any server that makes connections with a lot
> of clients (irc client server, www server, etc) but is useful
> for a server that only makes a few connections (application,
> irc hub server, etc..).
> 
> Why? Add 6000 rules to your ipfw-based firewall and see
> what happens.
> 
> -- 
> Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
>                 billf@chimesnet.com / billf@FreeBSD.org
> 
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message