Date: 19 Jun 1999 17:30:13 +0200
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
To: "Brian F. Feldman" <green@unixhelp.org>
Cc: Dag-Erling Smorgrav <des@flood.ping.uio.no>, Doug Rabson <dfr@nlsystems.com>, Ruslan Ermilov <ru@ucb.crimea.ua>, ugen@xonix.com, hackers@FreeBSD.org, luigi@FreeBSD.org
Subject: Re: Firewalls (was Re: Introduction)
Message-ID: <xzpso7o8ayi.fsf@flood.ping.uio.no>
In-Reply-To: "Brian F. Feldman"'s message of "Sat, 19 Jun 1999 11:12:07 -0400 (EDT)"
References: <Pine.BSF.4.10.9906191105280.99153-100000@janus.syracuse.net>
"Brian F. Feldman" <green@unixhelp.org> writes:
> On 19 Jun 1999, Dag-Erling Smorgrav wrote:
> > Rewriting ipfw rules to ipfilter rules on the fly should be trivial; a
> > simple Perl script should be sufficient.
> Not quite as trivial as you think. ipfw and ipf are completely backwards when it comes
> to rule order: in ipfw, the first rule matched takes effect; in ipf, the last rule matched
> takes effect.

Just throw in 'quick' and ipfilter behaves just like ipfw.

> Note that Luigi's
> extra ipfw functionality and my extra ipfw functionality _will_ be wanted in ipf
> before everyone is necessarily willing to switch.

Divert sockets, dummynet and credential-based filtering would be sorely
missed if they weren't ported to ipfilter.

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpso7o8ayi.fsf>
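The rule-order point discussed in the message above, as an added example that is not part of the original e-mail: a small model showing that the same ordered ruleset yields a more permissive policy under last-match evaluation, and the same policy as first-match once every rule is marked quick. The `Rule` class, its fields, the sample rules and packets, and the default verdict are assumptions made for illustration, not ipfw or ipf syntax.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Hypothetical rule model for illustration; not ipfw or ipf syntax.
@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    proto: Optional[str] = None      # None matches any protocol
    dst_port: Optional[int] = None   # None matches any port
    quick: bool = False              # only read by the last-match evaluator

    def matches(self, proto: str, port: int) -> bool:
        return self.proto in (None, proto) and self.dst_port in (None, port)

def first_match(rules, pkt, default="block"):
    """ipfw-style: the first matching rule decides."""
    for rule in rules:
        if rule.matches(*pkt):
            return rule.action
    return default  # assumed default verdict when nothing matches

def last_match(rules, pkt, default="block"):
    """ipf-style: the last matching rule decides, unless a match is quick."""
    verdict = default  # assumed default verdict when nothing matches
    for rule in rules:
        if rule.matches(*pkt):
            verdict = rule.action
            if rule.quick:
                break  # quick stops evaluation at this rule
    return verdict

def add_quick(rules):
    """Mark every rule quick, keeping the original order."""
    return [replace(rule, quick=True) for rule in rules]

# Constructed ruleset, written in first-match order:
# allow SSH, block all other TCP, allow everything else.
RULES = [Rule("pass", "tcp", 22), Rule("block", "tcp"), Rule("pass")]
# Constructed sample packets as (protocol, destination port).
PACKETS = [("tcp", 22), ("tcp", 23), ("udp", 53)]

def verdicts(evaluate, rules):
    """Verdict for each sample packet under the given evaluator."""
    return [evaluate(rules, pkt) for pkt in PACKETS]

if __name__ == "__main__":
    print("first match        :", verdicts(first_match, RULES))
    print("last match         :", verdicts(last_match, RULES))
    print("last match + quick :", verdicts(last_match, add_quick(RULES)))
```

Copied unchanged into a last-match engine, the trailing catch-all rule overrides the TCP block, so the port 23 packet is passed; comparing verdicts on a packet sample like this is a quick check that a converted ruleset preserves the original policy.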