Date: Mon, 10 Feb 2003 23:37:36 +0100 From: "Coercitas Temet'Nosce" <coercitas@hotmail.com> To: "'Daniel C. Sobral'" <dcs@tcoip.com.br>, "'Coercitas Temet'Nosce'" <coercitas@hotmails.com> Cc: "'Don'" <don@calis.blacksun.org>, <current@FreeBSD.ORG> Subject: RE : RE : IPFilter Message-ID: <000601c2d155$02a665c0$807ba8c0@XG396.local> In-Reply-To: <3E479EF4.4060008@tcoip.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
Yes, SPI stands for Statefull Packet Inspection. Wasn't aware IPFW was a
SPI Firewall, always thought IPFilter was much better. I used to run
iptables on Linux and tried IPFilter (which is very good imho). IPFW
pages aren't that explicit or I didn't looked at the right place.
Any of you can point me some nice pages to learn more about it ?
Regards
-----Message d'origine-----
De=A0: owner-freebsd-current@FreeBSD.ORG
[mailto:owner-freebsd-current@FreeBSD.ORG] De la part de Daniel C.
Sobral
Envoy=E9=A0: lundi 10 f=E9vrier 2003 13:46
=C0=A0: Coercitas Temet'Nosce
Cc=A0: 'Don'; current@FreeBSD.ORG
Objet=A0: Re: RE : IPFilter
Coercitas Temet'Nosce wrote:
> Pardon my poor knowledge about IPFW 2 but if I remember well, IPFW
> wasn't a SPI Firewall, which is what I need. Btw, previous Kernel
allows
> us to fine tune its building for IPF and now, it simply gone...was
> really wondering where those features are.
What, exactly, is a 'SPI' firewall? If you mean stateful firewall, you=20
haven't looking into ipfw for at least five years (making your remark=20
obsolete, not ipfw :).
The only thing I couldn't do with the old ipfw was atomic replacement of
rules. With ipfw2 I can do that. ipfw2 is default on 5.0 and can be=20
turned on on 4.7 (options IPFW2 on kernel and WITH_IPFW2, iirc, on=20
make.conf). The '2' is the version, the binary, man pages etc still have
all the same names.
>=20
> Is there any web place where I can find stuff about IPFW2 by chance ?
>=20
> regards
>=20
> -----Message d'origine-----
> De : owner-freebsd-current@FreeBSD.ORG
> [mailto:owner-freebsd-current@FreeBSD.ORG] De la part de Don
> Envoy=E9 : dimanche 9 f=E9vrier 2003 19:47
> =C0 : Coercitas Temet'Nosce
> Cc : current@freebsd.org
> Objet : Re: TR : IPFilter
>=20
>=20
>>Btw, I was looking for some docs on the FreeBSD website and didn't
>=20
> found
>=20
>>anything interesting, only firewall that FreeBSD seems to support
>>nowadays
>>is the old IPFW, which is quite obsolete now imo. Why are
>=20
> documentation
>=20
>>pages not dealing with IPF at all ? is there any reason ?
>=20
> Try ipfw2
>=20
> -Don
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
--=20
Daniel C. Sobral (8-DCS)
Gerencia de Operacoes
Divisao de Comunicacao de Dados
Coordenacao de Seguranca
TCO
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
Daniel.Sobral@tcoip.com.br
dcs@tcoip.com.br
Outros:
dcs@newsguy.com
dcs@freebsd.org
capo@notorious.bsdconspiracy.net
The past always looks better than it was.
It's only pleasant because it isn't here.
-- Finley Peter Dunne (Mr. Dooley)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000601c2d155$02a665c0$807ba8c0>