Date: Mon, 19 Aug 1996 18:33:11 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: hackers@freebsd.org
Subject: Re: ipfw vs ipfilter
Message-ID: <Pine.BSF.3.91.960819182519.11542D-100000@panda.hilink.com.au>
In-Reply-To: <7036.840432968@critter.tfs.com>

On Mon, 19 Aug 1996, Poul-Henning Kamp wrote:

> >IP Filter has its own set of regression tests, which you can verify yourself
> >and then against a test run, if you like.  Not to mention that this has
> >helped find bugs.  Both rule parsing and rule processing are tested for
> >correctness.  This is seen in neither ipfw nor ipfwadm for FreeBSD/Linux.
> >In a security conscious world, how can you not want to be sure of something
> >like this?
>
> Uhm, aren't people overlooking the obvious here:  We can have both,
> and the user can choose.

That was my hope at least.  Seemed obvious to me from the start,
especially since the 'hook' code for ipfilter is relatively small, and
ipfilter and ipfw are enabled by different kernel options.  Still, I
thought Jordan was looking to standardize on a single filter.

Maybe for 2.1.6 (or whatever it turns out to be :-)) the ipfilter hooks
could be left in the kernel, and the lkm, man pages and utilities made
into a package.

Or, someone could make the FreeBSD installation notes that Darren packages
a little more clear.  I did it all last week, so I guess I'm an obvious
choice to do that.  Heck, I'll do it now.

Danny