From owner-freebsd-stable Sun Jan 28 20:33:57 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from easynet-gw.netvalue.fr (unknown [212.180.121.161])
    by hub.freebsd.org (Postfix) with ESMTP id 260CD37B698
    for ; Sun, 28 Jan 2001 20:33:39 -0800 (PST)
Received: from mail.netvalue.fr (unknown [192.168.1.13])
    by easynet-gw.netvalue.fr (Postfix) with ESMTP id 0E9758C29
    for ; Mon, 29 Jan 2001 05:35:44 +0100 (CET)
Received: from mail-hk.netvalue.fr ([192.168.100.13])
    by mail.netvalue.fr (Netscape Messaging Server 3.6) with ESMTP id AAA3123
    for ; Mon, 29 Jan 2001 05:33:30 +0100
Received: from erwan.netvalue.fr ([192.168.100.100])
    by mail-hk.netvalue.fr (Netscape Messaging Server 4.15) with ESMTP id G7WPZB00.8FL;
    Mon, 29 Jan 2001 12:33:11 +0800
Received: from netvalue.com (localhost [127.0.0.1])
    by erwan.netvalue.fr (Postfix) with ESMTP id 64CDF18D7;
    Mon, 29 Jan 2001 12:33:33 +0800 (HKT)
Message-ID: <3A74F29D.1C68CF8F@netvalue.com>
Date: Mon, 29 Jan 2001 12:33:33 +0800
From: Erwan Arzur
Organization: NetValue Ltd.
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en, fr-FR
MIME-Version: 1.0
To: =?iso-8859-1?Q?Jo=E3o?= Fernandes
Cc: stable@freebsd.org
Subject: Re: IPF vs ipfw?
References: <01012808071600.15005@OpsyDopsy.net.dhis.org>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

João Fernandes wrote:
>
> Could someone please enlighten me on the subject IPFilter Versus ipfw?
> What the pros and cons may be?
> Or if this topic has already been way discussed, could I be given a URL to
> go and read the discussions?
>
> Thanks in advance.
>
> Joao Fernandes
>

Information about ipfilter on its home page: http://coombs.anu.edu.au/ipfilter/

My impression on ipfilter is that it is well and very actively maintained by its author, and is a very comprehensive package ... just as an example, the latest ECE flag advisory about ipfw came out when this new flag has been handled by ipfilter for a long time.

Both of them are well documented (both the FreeBSD security howto and ipf howto are a must-read), when ipfilter needs more hard work to understand every aspect of it (which is good if you plan to be serious about your security) ...

I've been using it for one year now, switching from ipfw because of its dynamic rules (keep state) feature which was not available in ipfw at this time.

Now, it's extremely difficult to give some pros and cons on any such sensible package without starting a flamewar :-)

More discussion about this topic can be found on the security@freebsd.org archives, on www.freebsd.org.

--
Erwan Arzur
NetValue ltd.