Date: Mon, 31 Jul 2000 08:09:06 +1000 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
To: jmb@hub.freebsd.org (Jonathan M. Bresler)
Cc: mike@adept.org, stephen@math.missouri.edu, freebsd-security@FreeBSD.ORG
Subject: Re: Problems with natd and simple firewall
Message-ID: <200007302209.IAA29605@cairo.anu.edu.au>
In-Reply-To: <20000730192717.7C78237B717@hub.freebsd.org> from "Jonathan M. Bresler" at "Jul 30, 0 12:27:17 pm"

In some mail from Jonathan M. Bresler, sie said:
> >
> > I came into this mess with mostly only PIX/FW1 experience... I'll admit
> > some initial frustration when glancing over the man page, but after I
> > decided to read it, word for word, and started toying with the examples,
> > I've found ipfw's syntax/behavior to be (often) more appealing than the
> > other products I use on a daily basis.
> >
> > -mrh
>
> one significant advantage of ipfw over FW1, aside from cost,
> is that ipfw can test on which interface a packet arrives and/or
> leaves. as far as i know, in FW1 it's not possible to act upon packets
> based upon which interface the packet hits. imagine wanting to screen
> (spoofed) packets with the inside IP addresses arriving on the outside
> interface. ;(

If you're using FW-1 on Solaris, you can use IP Filter to do filtering
before FW-1 in case you don't trust FW-1 :-)
