Date: Tue, 29 Jun 1999 10:33:07 -0700 (PDT)
From: "Eric J. Schwertfeger"
To: "Art Neilson, KH7PZ"
Cc: junkmale@xtra.co.nz, freebsd-questions@FreeBSD.ORG
Subject: Re: ipfilter vs ipfw (was Re: tcp_wrappers)
In-Reply-To: <3.0.6.32.19990629072506.03085c60@clients1.hawaii.rr.com>

On Tue, 29 Jun 1999, Art Neilson, KH7PZ wrote:

> OK ipfilter does indeed look robust!! Looks like it can do
> both natd and ipfw's job!! I have been slowly hardening my
> system with wrappers and ipfw, is ipfilter a complete replacement
> for ipfw? I'll have to look closely and compare the two. Does
> it make sense given ipfilter's capabilities to have both
> options IPFILTER and options IPFIREWALL in the kernel
> at the same time? Do I still need options IPDIVERT in order
> to use ipfilter's nat? I know natd needs it.

For the most part yes, though I've found things that ipfw can do that
ipfilter can't (as of the last release version; the latest beta may have
added it), but it has mostly to do with bypassing nat when communicating
between a DMZ and the protected network.

IPDIVERT requires ipfw, but aside from some VPN software I wrote, natd is
the only program I'm aware of that requires that option.

Personally, I prefer ipfw.