Date: Sun, 10 Dec 2000 23:33:59 +0100 From: =?iso-8859-1?Q?R=E9mi_Guyomarch?= <rguyom@pobox.com> To: freebsd-stable@FreeBSD.ORG Subject: Re: IPFIREWALL or IPFILTER? Message-ID: <20001210233359.E22773@diabolic-cow.chatgris.net> In-Reply-To: <003101c062f3$4a9eccf0$0300a8c0@magus>; from willwong@anime.ca on Sun, Dec 10, 2000 at 04:51:02PM -0500 References: <Pine.BSF.4.21.0012031955270.59659-100000@ipamzlx.physik.uni-mainz.de> <00dd01c05e2e$e42a0700$0b6cffc8@infolink.com.br> <20001209112247.A22773@diabolic-cow.chatgris.net> <20001210111051.F86825@elvis.mu.org> <20001210194648.B22773@diabolic-cow.chatgris.net> <003101c062f3$4a9eccf0$0300a8c0@magus>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Dec 10, 2000 at 04:51:02PM -0500, William Wong wrote:
> ----- Original Message -----
> From: "Rémi Guyomarch" <rguyom@pobox.com>
> To: <freebsd-stable@FreeBSD.ORG>
> Sent: Sunday, December 10, 2000 1:46 PM
> Subject: Re: IPFIREWALL or IPFILTER?
...
> > You can use both firewall packages at the
> > same time. If you want to use IPFilter, then simply add it to the
> > kernel config, along with IPFIREWALL (ipfw) and DUMMYNET :
> >
> > options IPFIREWALL
> > options IPFIREWALL_DEFAULT_TO_ACCEPT
> > options DUMMYNET
> > options IPFILTER
> > options IPFILTER_LOG
>
> If it is possible to use both packages at the same time, which gets
> processed first?
Reading the source (sys/netinet/ip_{input,output}.c), I think ipfilter
get the packet first, then ipfw + dummynet.
--
Rémi
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001210233359.E22773>