From owner-freebsd-security Sun Jul 30 21:51:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from superconductor.rush.net (superconductor.rush.net [208.9.155.8]) by hub.freebsd.org (Postfix) with ESMTP id 3C13337BAAB for ; Sun, 30 Jul 2000 21:51:29 -0700 (PDT) (envelope-from trish@bsdunix.net) Received: from localhost (trish@localhost) by superconductor.rush.net (8.9.3/8.9.3) with ESMTP id AAA19516; Mon, 31 Jul 2000 00:50:48 -0400 (EDT) Date: Mon, 31 Jul 2000 00:50:27 -0400 (EDT) From: Siobhan Patricia Lynch X-Sender: trish@superconductor.rush.net To: Darren Reed Cc: schluntz@workofstone.com, freebsd-security@FreeBSD.ORG Subject: Re: Problems with natd and simple firewall In-Reply-To: <200007310043.KAA26938@cairo.anu.edu.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 31 Jul 2000, Darren Reed wrote: > If you want to "add security" then you put in place something like a box > with FWTK or Gauntlet. Layering packet filters does not add a second > layer of protection, IMHO, just lets you stop FW-1 from crashing >;-) > But you'd only use ipfw if you didn't know how to run up ipfilter in any > case :-) > well it depends, does ipfilter work with bridging on freebsd? then of course if I was going to use ipfilter and bridging I guess I'd be stuck with OpenBSD (or netbsd?) -trish __ Trish Lynch FreeBSD - The Power to Serve trish@bsdunix.net Rush Networking trish@rush.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message