Date: Sun, 30 Jul 2000 12:27:17 -0700 (PDT) From: "Jonathan M. Bresler" <jmb@hub.freebsd.org> To: mike@adept.org Cc: stephen@math.missouri.edu, freebsd-security@freebsd.org Subject: Re: Problems with natd and simple firewall Message-ID: <20000730192717.7C78237B717@hub.freebsd.org> In-Reply-To: <Pine.BSF.4.21.0007251206530.27676-100000@snafu.adept.org> (message from Mike Hoskins on Tue, 25 Jul 2000 12:13:10 -0700 (PDT))
next in thread | previous in thread | raw e-mail | index | archive | help
> > I came into this mess with mostly only PIX/FW1 experience... I'll admit > some initial frustration when glancing over the man page, but after I > decided to read it, word for word, and started toying with the examples, > I've found ipfw's syntax/behavior to be (often) more appealing than the > other products I use on a daily basis. > > -mrh one significant advantage of ipfw over FW1, aside from cost, is that ipfw can test on which interface a packet arrives and/or leaves. as far as i know, in FW1 its not possible to act upon packets based upon which interface the packet hits. imagine wanting to screen (spoofed) packets with the inside IP addresses arriving on the outside interface. ;( jmb To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000730192717.7C78237B717>