Date: Fri, 21 May 1999 07:24:39 +1200 From: "Dan Langille" <junkmale@xtra.co.nz> To: Jim Whitelaw <jim@pdsys.com> Cc: freebsd-questions@freebsd.org Subject: Re: ipfilter vs. natd vs. tcp_wrappers Message-ID: <19990520192659.LWKK7869945.mta1-rme@wocker> In-Reply-To: <374442D9.4888F2A1@pdsys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20 May 99, at 11:14, Jim Whitelaw wrote: > I'm not quite seeing the big picture of how all theses tools fit together > and what their overlaps are. From what I read it appears that perhaps > ipfilter offers similar services but better logging options than > natd/ipfw? And tcp_wrappers appears to be used only in conjunction with > services started via inetd, is that right? Why would I want (or not want) > to use any particular method? I was using ipfw/natd when I first started with FreeBSD. Then I swapped to ipfilter after encountering a problem with ipfw. I can't recall exactly what it was, but it's in the mailing list archives somewhere. But even if this problem were solved, I'd stay with ipfilter. I like the rule groups which make it easier to add a new rule. I think ipfilter is a more robust and feature rich product. And yes, tcp_wrappers is only for services started from inetd and then only for those services which are started and then stopped for each request (more or less). Tcp_wrappers is good because it allows you to specify what hosts can use what services and you can lot the results. Some could consider this an addition to your firewall. But I find it much easier to use the tcp_wrapper then specify the hosts within ipfilter. -- Dan Langille - DVL Software Limited The FreeBSD Diary - http://www.FreeBSDDiary.org/freebsd/ NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/ The Racing System - http://www.racingsystem.com/racingsystem.htm To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990520192659.LWKK7869945.mta1-rme>