From: "Loren M. Lang" <lorenl@alzatex.com>
To: Albert Shih
Cc: Stevan Tiefert, "Loren M. Lang", freebsd-questions@freebsd.org
Date: Sun, 13 Mar 2005 00:16:59 -0800
Subject: Re: ipfw or pf
Message-ID: <20050313081659.GA18080@alzatex.com>
In-Reply-To: <20050304124123.GA12225@math.jussieu.fr>
User-Agent: Mutt/1.4.1i
X-GPG-Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
X-GPG-Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C

On Fri, Mar 04, 2005 at 01:41:23PM +0100, Albert Shih wrote:
> On 03/03/2005 at 13:07:53-0800, Loren M. Lang wrote:
> > > Well, it's not the syntax. I have always used packet filter systems (sometimes on
> > > hardware like Foundry/Cisco) where the rule is: first match, first used. And
> > > pf using the entire ruleset is very strange for me (I know I can use "quick",
> > > but... well, it's not the philosophy, I think).
> >
> > I like first match better too, but I think pf is sufficiently better
> > that I just use it with quick over ipfw.
> >
>
> Better on what?

More security features, like scrubbing packets. This can look for errors like bad TCP flag combinations that some port scanners might use. Also, it is just more flexible by using tables for matches that can even be updated dynamically. ipf and ipfw would require a completely new rule to change the firewall. Tables can be used to, say, keep track of a blacklist of IP addresses, like the ones that keep trying to log into SSH accounts on my server that don't exist. pf also has built-in passive OS fingerprinting if you think that might be useful. Read through the pf FAQ on openbsd.org.

>
> I really would like to know. And my question is not a troll or something like
> that.
>
> Regards
>
>
> --
> Albert SHIH
> Universite de Paris 7 (Denis DIDEROT)
> U.F.R. de Mathematiques.
> Local time:
> Fri Mar 4 13:40:29 CET 2005

--
I sense much NT in you. NT leads to Bluescreen. Bluescreen leads to downtime. Downtime leads to suffering. NT is the path to the darkside. Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: CEE1 AAE2 F66C 59B5 34CA C415 6D35 E847 0118 A3D2
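The features Loren lists (scrub, a persistent table updated at runtime, "quick" for first-match semantics, and passive OS fingerprinting) put together in one pf.conf, as an added example that is not from the original mail or from either poster; the interface name fxp0, the table name ssh_bruteforce and the sample address 192.0.2.10 are assumptions.

```pf
# Added example pf.conf (not from the original mail). Interface name,
# table name and the sample address below are assumptions.
ext_if = "fxp0"

# Persistent table: survives ruleset reloads and can be changed at
# runtime with pfctl, so blacklisting a host needs no new rule:
#   pfctl -t ssh_bruteforce -T add 192.0.2.10    (constructed address)
#   pfctl -t ssh_bruteforce -T delete 192.0.2.10
#   pfctl -t ssh_bruteforce -T show
table <ssh_bruteforce> persist

# Packet normalization: reassemble fragments and drop illegal TCP flag
# combinations before any filter rule sees the packet.
scrub in on $ext_if all

# Default deny. pf is last-match, so later pass rules override this one.
block in log on $ext_if all

# "quick" gives first-match semantics for this rule: a source already in
# the blacklist is dropped here and no later rule is evaluated.
block in quick on $ext_if from <ssh_bruteforce> to any

# Passive OS fingerprinting (signatures from /etc/pf.os): only SYNs that
# look like they come from an OpenBSD host may reach the SSH port.
pass in on $ext_if proto tcp from any os "OpenBSD" to $ext_if port 22 \
    flags S/SA keep state

pass out on $ext_if all keep state
```

Load it with `pfctl -f /etc/pf.conf`; the table contents persist across that reload while the block rule itself is unchanged.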