Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 21 May 1999 07:24:39 +1200
From:      "Dan Langille" <junkmale@xtra.co.nz>
To:        Jim Whitelaw <jim@pdsys.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipfilter vs. natd vs. tcp_wrappers
Message-ID:  <19990520192659.LWKK7869945.mta1-rme@wocker>
In-Reply-To: <374442D9.4888F2A1@pdsys.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 20 May 99, at 11:14, Jim Whitelaw wrote:

> I'm not quite seeing the big picture of how all theses tools fit together
> and what their overlaps are. From what I read it appears that perhaps
> ipfilter offers similar services but better logging options than
> natd/ipfw? And tcp_wrappers appears to be used only in conjunction with
> services started via inetd, is that right? Why would I want (or not want)
> to use any particular method? 

I was using ipfw/natd when I first started with FreeBSD.  Then I swapped 
to ipfilter after encountering a problem with ipfw.  I can't recall 
exactly what it was, but it's in the mailing list archives somewhere.  But 
even if this problem were solved, I'd stay with ipfilter.  I like the rule 
groups which make it easier to add a new rule.  I think ipfilter is a more 
robust and feature rich product.

And yes, tcp_wrappers is only for services started from inetd and then 
only for those services which are started and then stopped for each 
request (more or less).  Tcp_wrappers is good because it allows you to 
specify what hosts can use what services and you can lot the results.  
Some could consider this an addition to your firewall.  But I find it much 
easier to use the tcp_wrapper then specify the hosts within ipfilter.
--
Dan Langille - DVL Software Limited
The FreeBSD Diary     - http://www.FreeBSDDiary.org/freebsd/
NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/
The Racing System     - http://www.racingsystem.com/racingsystem.htm


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990520192659.LWKK7869945.mta1-rme>