From owner-freebsd-security Mon Jul 31 14: 0:20 2000 Delivered-To: freebsd-security@freebsd.org Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11]) by hub.freebsd.org (Postfix) with ESMTP id 0594137B7D0 for ; Mon, 31 Jul 2000 14:00:12 -0700 (PDT) (envelope-from avalon@cairo.anu.edu.au) Received: (from avalon@localhost) by cairo.anu.edu.au (8.9.3/8.9.3) id GAA28275; Tue, 1 Aug 2000 06:59:56 +1000 (EST) From: Darren Reed Message-Id: <200007312059.GAA28275@cairo.anu.edu.au> Subject: Re: ipf or ipfw (was: log with dynamic firewall rules) In-Reply-To: <2528.965076893@localhost> from "Jordan K. Hubbard" at "Jul 31, 0 01:54:53 pm" To: jkh@zippy.osd.bsdi.com (Jordan K. Hubbard) Date: Tue, 1 Aug 2000 06:59:55 +1000 (EST) Cc: avalon@coombs.anu.edu.au, trish@bsdunix.net, freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL39 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In some mail from Jordan K. Hubbard, sie said: > > Well, had you gone the OpenBSD route you wouldn't have introduced a number > > of bugs which can lead to a system doing filtering on bridged packets going > > "boom". This is the sort of careless activity that leads to security holes > > I think you're probably forgetting that there are few alternatives to > ipfw in FreeBSD right now. ipfilter is sort of an alternative, but > it's also been very poorly maintained until recently in FreeBSD and > the author doesn't respond to bug reports or ipfilter related > discussions when they come up in various FreeBSD mailing lists. :) The author is extremely busy and rest assured that generic problems (such as those with the FTP proxy) and already deletes enough email but isn't opposed to adding more ;-) btw, I am glad to see that FreeBSD PR's for IP Filter are being assigned to me - they're something I can't hide from and can't accidently delete either :) Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message