From owner-freebsd-questions Tue Jun 29 13:17:16 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from mta1-rme.xtra.co.nz (unknown [203.96.92.1])
    by hub.freebsd.org (Postfix) with ESMTP id A367014D73
    for ; Tue, 29 Jun 1999 13:17:11 -0700 (PDT)
    (envelope-from junkmale@pop3.xtra.co.nz)
Received: from wocker ([210.55.152.83]) by mta1-rme.xtra.co.nz
    (InterMail v04.00.02.07 201-227-108) with SMTP
    id <19990629202026.CZWS3789.mta1-rme@wocker>;
    Wed, 30 Jun 1999 08:20:26 +1200
From: "Dan Langille"
Organization: The FreeBSD Diary
To: "Art Neilson, KH7PZ"
Date: Wed, 30 Jun 1999 08:17:10 +1200
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: ipfilter vs ipfw (was Re: tcp_wrappers)
Reply-To: junkmale@xtra.co.nz
Cc: freebsd-questions@FreeBSD.ORG
In-reply-to: <3.0.6.32.19990629072506.03085c60@clients1.hawaii.rr.com>
References: <19990629090654.GLCL112692.mta2-rme@wocker>
X-mailer: Pegasus Mail for Win32 (v3.01d)
Message-Id: <19990629202026.CZWS3789.mta1-rme@wocker>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 29 Jun 99, at 7:25, Art Neilson, KH7PZ wrote:

> OK ipfilter does indeed look robust!! Looks like it can do
> both natd and ipfw's job!!

Yes, but for NAT, ipf uses ipnat. I wrote something about that at:
http://www.freebsddiary.org/freebsd/ipnat.htm

> I have been slowly hardening my
> system with wrappers and ipfw, is ipfilter a complete replacement
> for ipfw?

Yes, you either use natd or ipf, not both.

> I'll have to look closely and compare the two. Does
> it make sense given ipfilter's capabilities to have both
> options IPFILTER and options IPFIREWALL in the kernel
> at the same time? Do I still need options IPDIVERT in order
> to use ipfilter's nat? I know natd needs it.

OK. Now you're asking me hard questions. The installation process for
IPFILTER will add in what it needs. It won't remove what it doesn't.
So if you start with a "clean" kernel (no natd), you'll have what you need.

Checking my kernel, I have neither IPDIVERT nor IPFIREWALL. But I do
have IPFILTER and IPFILTER_LOG. And I'm using ipf.

--
Dan Langille - DVL Software Limited
The FreeBSD Diary - http://www.FreeBSDDiary.org/freebsd/
NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/
The Racing System - http://www.racingsystem.com/racingsystem.htm