Date: Tue, 29 Jun 1999 10:33:07 -0700 (PDT) From: "Eric J. Schwertfeger" <ejs@bfd.com> To: "Art Neilson, KH7PZ" <art@hawaii.rr.com> Cc: junkmale@xtra.co.nz, freebsd-questions@FreeBSD.ORG Subject: Re: ipfilter vs ipfw (was Re: tcp_wrappers) Message-ID: <Pine.BSF.4.05.9906291029260.19178-100000@harlie.bfd.com> In-Reply-To: <3.0.6.32.19990629072506.03085c60@clients1.hawaii.rr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 29 Jun 1999, Art Neilson, KH7PZ wrote: > OK ipfilter does indeed look robust!! Looks like it can do > both natd and ipfw's job!! I have been slowly hardening my > system with wrappers and ipfw, is ipfilter a complete replacement > for ipfw? I'll have to look closely and compare the two. Does > it make sense given ipfilters capabilities to have both > options IPFILTER and options IPFIREWALL in the kernel > at the same time? Do I still need options IPDIVERT in order > to use ipfilter's nat ? I know natd needs it. For the most part yes, though I've found things that ipfw can do that ipfilter (as of the last release version, the latest beta may have added it) but it has mostly to do with bypassing nat when communicating between a DMZ and the protected network. IPDIVERT requires ipfw, but aside from some VPN software I wrote, natd is the only program I'm aware of that requires that option. Personally, I prefer ipfw. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9906291029260.19178-100000>