From owner-freebsd-security Mon Jul 31 13:54:58 2000 Delivered-To: freebsd-security@freebsd.org Received: from zippy.osd.bsdi.com (zippy.osd.bsdi.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id 4021137B5A0 for ; Mon, 31 Jul 2000 13:54:54 -0700 (PDT) (envelope-from jkh@zippy.osd.bsdi.com) Received: from localhost (jkh@localhost [127.0.0.1]) by zippy.osd.bsdi.com (8.9.3/8.9.3) with ESMTP id NAA02531; Mon, 31 Jul 2000 13:54:53 -0700 (PDT) (envelope-from jkh@zippy.osd.bsdi.com) To: Darren Reed Cc: trish@bsdunix.net (Siobhan Patricia Lynch), freebsd-security@FreeBSD.ORG Subject: Re: ipf or ipfw (was: log with dynamic firewall rules) In-reply-to: Your message of "Mon, 31 Jul 2000 23:23:55 +1000." <200007311323.XAA29849@cairo.anu.edu.au> Date: Mon, 31 Jul 2000 13:54:53 -0700 Message-ID: <2528.965076893@localhost> From: "Jordan K. Hubbard" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Well, had you gone the OpenBSD route you wouldn't have introduced a number > of bugs which can lead to a system doing filtering on bridged packets going > "boom". This is the sort of careless activity that leads to security holes I think you're probably forgetting that there are few alternatives to ipfw in FreeBSD right now. ipfilter is sort of an alternative, but it's also been very poorly maintained until recently in FreeBSD and the author doesn't respond to bug reports or ipfilter related discussions when they come up in various FreeBSD mailing lists. :) - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message