From owner-freebsd-stable  Sun Dec 10 14:37:59 2000
From owner-freebsd-stable@FreeBSD.ORG  Sun Dec 10 14:37:57 2000
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from smtp1.cluster.oleane.net (smtp1.cluster.oleane.net [195.25.12.16])
	by hub.freebsd.org (Postfix) with ESMTP id 9A55837B400
	for <freebsd-stable@FreeBSD.ORG>; Sun, 10 Dec 2000 14:37:56 -0800 (PST)
Received: from diabolic-cow.chatgris.net (dyn-1-1-001.Orl.dialup.oleane.fr [195.25.26.1]) by smtp1.cluster.oleane.net with ESMTP id eBAMbrl71516 for <freebsd-stable@FreeBSD.ORG>; Sun, 10 Dec 2000 23:37:54 +0100 (CET)
Received: by diabolic-cow.chatgris.net (Postfix, from userid 1000)
	id 9BA6D244; Sun, 10 Dec 2000 23:33:59 +0100 (CET)
Date: Sun, 10 Dec 2000 23:33:59 +0100
From: =?iso-8859-1?Q?R=E9mi_Guyomarch?= <rguyom@pobox.com>
To: freebsd-stable@FreeBSD.ORG
Subject: Re: IPFIREWALL or IPFILTER?
Message-ID: <20001210233359.E22773@diabolic-cow.chatgris.net>
References: <Pine.BSF.4.21.0012031955270.59659-100000@ipamzlx.physik.uni-mainz.de> <00dd01c05e2e$e42a0700$0b6cffc8@infolink.com.br> <20001209112247.A22773@diabolic-cow.chatgris.net> <20001210111051.F86825@elvis.mu.org> <20001210194648.B22773@diabolic-cow.chatgris.net> <003101c062f3$4a9eccf0$0300a8c0@magus>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: <003101c062f3$4a9eccf0$0300a8c0@magus>; from willwong@anime.ca on Sun, Dec 10, 2000 at 04:51:02PM -0500
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Dec 10, 2000 at 04:51:02PM -0500, William Wong wrote:
> ----- Original Message -----
> From: "Rémi Guyomarch" <rguyom@pobox.com>
> To: <freebsd-stable@FreeBSD.ORG>
> Sent: Sunday, December 10, 2000 1:46 PM
> Subject: Re: IPFIREWALL or IPFILTER?
...
> > You can use both firewall packages at the
> > same time. If you want to use IPFilter, then simply add it to the
> > kernel config, along with IPFIREWALL (ipfw) and DUMMYNET :
> >
> > options IPFIREWALL
> > options IPFIREWALL_DEFAULT_TO_ACCEPT
> > options DUMMYNET
> > options IPFILTER
> > options IPFILTER_LOG
> 
> If it is possible to use both packages at the same time, which gets
> processed first?

Reading the source (sys/netinet/ip_{input,output}.c), I think ipfilter
get the packet first, then ipfw + dummynet.

-- 
Rémi


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message