Date: Wed, 30 Jun 1999 08:17:10 +1200 From: "Dan Langille" <junkmale@xtra.co.nz> To: "Art Neilson, KH7PZ" <art@hawaii.rr.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: ipfilter vs ipfw (was Re: tcp_wrappers) Message-ID: <19990629202026.CZWS3789.mta1-rme@wocker> In-Reply-To: <3.0.6.32.19990629072506.03085c60@clients1.hawaii.rr.com> References: <19990629090654.GLCL112692.mta2-rme@wocker>
next in thread | previous in thread | raw e-mail | index | archive | help
On 29 Jun 99, at 7:25, Art Neilson, KH7PZ wrote: > OK ipfilter does indeed look robust!! Looks like it can do > both natd and ipfw's job!! Yes, but for NAT, ipf uses ipnat. I wrote something about that at: http://www.freebsddiary.org/freebsd/ipnat.htm > I have been slowly hardening my > system with wrappers and ipfw, is ipfilter a complete replacement > for ipfw? Yes, you either use natd or ipf, not both. > I'll have to look closely and compare the two. Does > it make sense given ipfilters capabilities to have both > options IPFILTER and options IPFIREWALL in the kernel > at the same time? Do I still need options IPDIVERT in order > to use ipfilter's nat ? I know natd needs it. OK. Now you're asking me hard questions. <grin> The installation process for IPFILTER will add in what it needs. It won't remove what it doesn't. So if you start with a "clean" kernel (no natd), you'll have what you need. Checking my kernel, I don't have neither IPDIVERT nor IPFIREWALL. But I do have IPFILTER and IPFILTER_LOG. And I'm using ipf. -- Dan Langille - DVL Software Limited The FreeBSD Diary - http://www.FreeBSDDiary.org/freebsd/ NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/ The Racing System - http://www.racingsystem.com/racingsystem.htm To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990629202026.CZWS3789.mta1-rme>