Date: Sun, 2 Feb 2003 22:49:33 +0200 From: Petre Bandac <petre@kgb.ro> To: <barbish@a1poweruser.com>, <freebsd-questions@freebsd.org> Subject: Re: ipfw firewall questions Message-ID: <200302022249.33452.petre@kgb.ro> In-Reply-To: <MIEPLLIBMLEEABPDBIEGIECJDFAA.barbish@a1poweruser.com> References: <MIEPLLIBMLEEABPDBIEGIECJDFAA.barbish@a1poweruser.com>
next in thread | previous in thread | raw e-mail | index | archive | help
ipf & ipfw are something like iptables & ipchains ? both tools do the sam= e job=20 ? On Sunday 02 February 2003 20:26 Anno Domini, JoeB wrote using one of his= =20 keyboards: > There are 3 classes of rules in IPFW, each class has separate packet > interrogation abilities. Each proceeding class has greater packet > interrogation abilities than the previous one. These are stateless, > simple stateful, and advanced stateful. The advanced stateful rule > class is the only class having technically advanced interrogation > abilities capable of defending against the flood of different attack > methods currently employed by perpetrators. Stateless and Simple > Stateful IPFW firewall rules are inadequate to protect the users > system in today's internet environment and leaves the user > unknowingly believing they are protected when in reality they are > not. > > The advanced stateful rule option keep-state works as documented > only when used in a rule set that does not use the divert rule. > Simply stated the IPFW advanced stateful rule option keep-state does > not function correctly when used in a IPFW firewall that also is > using the IPFW built in NATD function. For the most complete > keep-state protection the other FIREWALL solution (IPFILTER) that > comes with FBSD should be used. Just checkout the IPFW list archives > and you will see this subject discussed in detail with out any > solution forthcoming. > > http://www.obfuscation.org/ipf/ > > http://www.obfuscation.org/ipf/ipf-howto.html > > > > > > -----Original Message----- > From: owner-freebsd-questions@FreeBSD.ORG > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Petre > Bandac > Sent: Sunday, February 02, 2003 4:51 AM > To: freebsd-questions@freebsd.org > Subject: ipfw firewall questions > > hello > > I'm about to "compose" my first ipfw firewall - and, since I have > worked quite > a lot with iptables, I'm interesed in a few minor similarities: > > 1 - the firewall is called by rc.conf ? or ca I call it at boot time > via > whatever *.sh placed in the right place > > 2 - the firewall can be a executable bash script (i.e. like a > regular linux > firewall, with variables like myIP=3D"192.168.0.0") ? > > I guess the rest is covered in the docs I have carefully RTFM :-) > > thanks, > > petre --=20 Login: petre =09=09=09Name: Petre Bandac Directory: /home/petre =09Shell: /usr/local/bin/zsh On since Sun Feb 2 13:56 (EET) on ttyv0, idle 8:51 (messages off) Last login Sun Feb 2 20:03 (EET) on ttyp0 from ns.rdsbv.ro No Mail. No Plan. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200302022249.33452.petre>