From owner-freebsd-security@FreeBSD.ORG  Thu Aug  7 15:22:58 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7714937B401
	for <freebsd-security@freebsd.org>;
	Thu,  7 Aug 2003 15:22:58 -0700 (PDT)
Received: from zimbo.cs.wm.edu (zimbo.cs.wm.edu [128.239.2.64])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9BA4A43FA3
	for <freebsd-security@freebsd.org>;
	Thu,  7 Aug 2003 15:22:57 -0700 (PDT)
	(envelope-from zvezdan@dali.cs.wm.edu)
Received: from dali.cs.wm.edu (dali [128.239.26.26])
	by zimbo.cs.wm.edu (8.12.8/8.12.8) with ESMTP id h77MMuaC027618
	for <freebsd-security@freebsd.org>; Thu, 7 Aug 2003 18:22:56 -0400
Received: (from zvezdan@localhost)
	by dali.cs.wm.edu (8.12.8/8.12.8/Submit) id h77MMtjo018461
	for freebsd-security@freebsd.org; Thu, 7 Aug 2003 18:22:55 -0400
Date: Thu, 7 Aug 2003 18:22:55 -0400
From: Zvezdan Petkovic <zvezdan@CS.WM.EDU>
To: freebsd-security@freebsd.org
Message-ID: <20030807222255.GA18430@dali.cs.wm.edu>
Mail-Followup-To: freebsd-security@freebsd.org
References: <20030807191926.50590.qmail@web10108.mail.yahoo.com>
	<000001c35d26$cd0827b0$0304a8c0@delllaptop>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <000001c35d26$cd0827b0$0304a8c0@delllaptop>
User-Agent: Mutt/1.4.1i
Subject: Re: FreeBSD - Secure by DEFAULT ?? [hosts.allow]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Aug 2003 22:22:58 -0000

On Thu, Aug 07, 2003 at 01:59:27PM -0700, Chris Odell wrote:
> 
> But why IPFW? IPF is *BSD native wall. I actually use both - IPF for
> firewalling, and IPFW for throttling via dummy net. My recommended
> reading for IPF and IPFW is "Building Linux and OpenBSD Firewalls"...

Where did you get this information?

Native firewall for FreeBSD is ipfw, AFAIK.  It's even used on OS X as a
native firewall, due to Darwin's FreeBSD roots.

Also, OpenBSD stopped using ipf four releases ago.  The native firewall
for OpenBSD is pf.  pf inherited much of the syntax from ipf, but also
extended it and added some features.

That said, I personally find ipf quite a good stateful firewall and its
syntax can feel more natural than ipfw syntax.  It also works on Solaris
and other OS's besides *BSDs.

-- 
Zvezdan Petkovic <zvezdan@cs.wm.edu>
http://www.cs.wm.edu/~zvezdan/