Date: Tue, 27 Sep 2005 07:39:41 +0200
From: Kurt Jaeger <lists@complx.LF.net>
To: Daniel Pocock <daniel@lvdx.com>
Cc: freebsd-isp@freebsd.org
Subject: Filtering (was Re: FreeBSD, quagga (BGP) and 2950 VLANs)
Message-ID: <20050927053941.GW62233@complx.LF.net>
In-Reply-To: <43386D0D.7000209@lvdx.com>
References: <432EC4FF.4030706@lvdx.com> <20050919205757.GI62233@complx.LF.net> <432F3013.7090001@keystreams.com> <20050919214618.GJ62233@complx.LF.net> <20050919215605.GK62233@complx.LF.net> <432F4507.4020708@lvdx.com> <432F4A12.9090709@mac.com> <43386D0D.7000209@lvdx.com>

Hello,

> I'm now starting to look at how to filter packets that I am forwarding,
> to ensure that none of the people I connect to can use me as their
> default route (unless I give them permission to do so). The FreeBSD
> docs mention three different packet filters - pf, ipfw and ipf.

We use ipfw on FreeBSD. It's simple and it works and it's the native approach.

pf is a relevant alternative, because it's very actively developed by the OpenBSD community.

ipf: It's very portable to other platforms, but it looks a bit stale (?).

> Do any of these have specific benefits for a routing device that is
> forwarding 99.9% of its traffic to other hosts, or is it just a
> question of personal preference? The rules I intend to write are fairly
> simple, and I don't need any state-based stuff.

If you start anew, maybe pf is the way to go.

--
MfG/Best regards, Kurt Jaeger                      15 years to go !
LF.net GmbH        fon +49 711 90074-23  pi@LF.net
Ruppmannstr. 27    fax +49 711 90074-33
D-70565 Stuttgart  mob +49 171 3101372