From owner-freebsd-hackers Wed Aug 14 06:03:30 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id GAA27934 for hackers-outgoing; Wed, 14 Aug 1996 06:03:30 -0700 (PDT) Received: from ra.dkuug.dk (ra.dkuug.dk [193.88.44.193]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id GAA27929 for ; Wed, 14 Aug 1996 06:03:27 -0700 (PDT) Received: (from sos@localhost) by ra.dkuug.dk (8.6.12/8.6.12) id PAA13221; Wed, 14 Aug 1996 15:03:18 +0200 Message-Id: <199608141303.PAA13221@ra.dkuug.dk> Subject: Re: ipfw vs ipfilter? To: jkh@time.cdrom.com (Jordan K. Hubbard) Date: Wed, 14 Aug 1996 15:03:18 +0200 (MET DST) Cc: hackers@freebsd.org In-Reply-To: <14393.840023370@time.cdrom.com> from "Jordan K. Hubbard" at Aug 14, 96 04:49:30 am From: sos@freebsd.org Reply-to: sos@freebsd.org X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In reply to Jordan K. Hubbard who wrote: > > I've been trying to implement a firewall for the past couple of days, > and over the course of same have come to realize a few interesting > things I didn't know (at least from direct experience) before: > > 1. ipfw is klunky. klunky interface, klunky syntax, klunky code. You got that right :) > 2. ipfw has changed so much, and with so little regard for > backwards-compatible command syntax, that many of the docs > floating around for it do not even apply. Exactly. > 4. Darren Reed's ipfilter software is well documented, supported, and runs > on everything from Solaris to Linux to *BSD. It also has some interesting > looking tools which have been written for it. > > 5. ipfilter's license is very relaxed. There's no reason we couldn't > bundle it. > > 6. If I get this firewall up and running easily with ipfilter (and the Jury's > still out on that), you can expect to hear me chanting "down with ipfw! > up with ipfilter!" in the near future. :-) I'm all for it !! It leaves the question what to do with julian's redirect code ?? It shares much of the same "features" that ipfw does, and for all I care it can go as well.. Most of the features with it is now in ipfilter... -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- So much code to hack -- so little time.