From owner-freebsd-hackers  Mon Feb 26 08:16:01 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id IAA27975
          for hackers-outgoing; Mon, 26 Feb 1996 08:16:01 -0800 (PST)
Received: from rk.ios.com (rk.ios.com [198.4.75.55])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id IAA27953
          for <hackers@freebsd.org>; Mon, 26 Feb 1996 08:15:58 -0800 (PST)
Received: (from rashid@localhost) by rk.ios.com (8.6.11/8.6.9) id LAA03858 for hackers@freebsd.org; Mon, 26 Feb 1996 11:15:49 -0500
From: Rashid  Karimov <rashid@rk.ios.com>
Message-Id: <199602261615.LAA03858@rk.ios.com>
Subject: IPFW - how fast/robust is it ?
To: hackers@freebsd.org
Date: Mon, 26 Feb 1996 11:15:49 -0500 (EST)
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
Precedence: bulk

		Hi there folx,




	I'm about to implement some filtering here
	on user servers , namely I want to disallow
	users to provide any TCP services (bind and
	listen on ports above 1024).

	They should be able to use ftp in the passive mode,
	so there's no problem there.

	So as I understand I can do it via IPFW mechanism.
	The only Q is , since the thing is so deep in the 
	kernel , how robust and stable it is ?

	How does it affect the networking in the sense of
	speed , etc ? 




	Rashid