From owner-freebsd-security@FreeBSD.ORG Fri Aug 8 15:49:50 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5BEE237B401 for ; Fri, 8 Aug 2003 15:49:50 -0700 (PDT) Received: from cowbert.2y.net (d46h180.public.uconn.edu [137.99.46.180]) by mx1.FreeBSD.org (Postfix) with SMTP id 8061743F75 for ; Fri, 8 Aug 2003 15:49:49 -0700 (PDT) (envelope-from sirmoo@cowbert.2y.net) Received: (qmail 11167 invoked by uid 1001); 8 Aug 2003 22:49:48 -0000 Date: Fri, 8 Aug 2003 18:49:48 -0400 From: "Peter C. Lai" To: freebsd-security@freebsd.org Message-ID: <20030808224948.GC2559@cowbert.2y.net> References: <20030807191926.50590.qmail@web10108.mail.yahoo.com> <000001c35d26$cd0827b0$0304a8c0@delllaptop> <20030807222255.GA18430@dali.cs.wm.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030807222255.GA18430@dali.cs.wm.edu> User-Agent: Mutt/1.4i Subject: Re: FreeBSD - Secure by DEFAULT ?? [hosts.allow] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: peter.lai@uconn.edu List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Aug 2003 22:49:50 -0000 What are you meaning by "native"? They both exist as part of the base FreeBSD kernel; so in that sense, both ipf and ipfw are "native" to FreeBSD. I don't see how this argument is appropriate for choosing one over the other anyway. On Thu, Aug 07, 2003 at 06:22:55PM -0400, Zvezdan Petkovic wrote: > On Thu, Aug 07, 2003 at 01:59:27PM -0700, Chris Odell wrote: > > > > But why IPFW? IPF is *BSD native wall. I actually use both - IPF for > > firewalling, and IPFW for throttling via dummy net. My recommended > > reading for IPF and IPFW is "Building Linux and OpenBSD Firewalls"... > > Where did you get this information? > > Native firewall for FreeBSD is ipfw, AFAIK. It's even used on OS X as a > native firewall, due to Darwin's FreeBSD roots. > > Also, OpenBSD stopped using ipf four releases ago. The native firewall > for OpenBSD is pf. pf inherited much of the syntax from ipf, but also > extended it and added some features. > > That said, I personally find ipf quite a good stateful firewall and its > syntax can feel more natural than ipfw syntax. It also works on Solaris > and other OS's besides *BSDs. > > -- > Zvezdan Petkovic > http://www.cs.wm.edu/~zvezdan/ > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- Peter C. Lai University of Connecticut Dept. of Molecular and Cell Biology Yale University School of Medicine SenseLab | Research Assistant http://cowbert.2y.net/