Date: Sun, 30 Jul 2000 23:48:14 -0400 (EDT) From: Siobhan Patricia Lynch <trish@bsdunix.net> To: Bill Fumerola <billf@chimesnet.com> Cc: Miklos Niedermayer <mico@bsd.hu>, Mike Hoskins <mike@adept.org>, Darren Reed <avalon@coombs.anu.edu.au>, Pavol Adamec <pavol_adamec@tempest.sk>, freebsd-security@FreeBSD.ORG Subject: Re: ipf or ipfw (was: log with dynamic firewall rules) Message-ID: <Pine.BSO.4.21.0007302347070.21752-100000@superconductor.rush.net> In-Reply-To: <20000730122718.P5021@jade.chc-chimes.com>
next in thread | previous in thread | raw e-mail | index | archive | help
heh, remember which sites we are running with ipfw in front of it? maybe theres a problem when its all on the same box ;) -trish __ Trish Lynch FreeBSD - The Power to Serve trish@bsdunix.net Rush Networking trish@rush.net On Sun, 30 Jul 2000, Bill Fumerola wrote: > On Sat, Jul 29, 2000 at 07:48:21PM +0200, Miklos Niedermayer wrote: > > > > The only real reason I've heard ipf reccomended since ipfw got > > > keep-state/check-state is ipnat. > > > > I think that ipfw's statefullness is in a very early stage. > > It's unusable for any server that makes connections with a lot > of clients (irc client server, www server, etc) but is useful > for a server that only makes a few connections (application, > irc hub server, etc..). > > Why? Add 6000 rules to your ipfw-based firewall and see > what happens. > > -- > Bill Fumerola - Network Architect, BOFH / Chimes, Inc. > billf@chimesnet.com / billf@FreeBSD.org > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSO.4.21.0007302347070.21752-100000>