Date: Thu, 26 Feb 2004 14:08:17 -0500 From: "Shaun T. Erickson" <ste@ste-land.com> To: Barbish3@adelphia.net Cc: freebsd-questions@freebsd.org Subject: Re: Looking for ipfw info. Message-ID: <403E4421.7030203@ste-land.com> In-Reply-To: <MIEPLLIBMLEEABPDBIEGKENMFMAA.Barbish3@adelphia.net> References: <MIEPLLIBMLEEABPDBIEGKENMFMAA.Barbish3@adelphia.net>
next in thread | previous in thread | raw e-mail | index | archive | help
JJB wrote: > The problem with all those links is that what they write about is > outdated and complete mis-directs the reader into using IPFW's > legacy stateless rules when only stateful rules should be used to > get the max level of protection. The rules she gives in her second article most certainly describe creating a stateful firewall. > They also completely ignore the > problem ipfw has with stateful rules not working when the > divert/naded subroutine call is used. IPFW has major legacy > stateful/NAT bug and ipfilter does not. Can you provide me with links to information that documents this? > Ipfilter provides an much > higher level of protection in an LAN environment than IPFW can ever > do in it's current state. Even the openbsd pf port is an better > firewall solution for a firewall with an LAN behind it then IPFW. Please provide me with links to documentation that objectively compares them, so that I can weigh the merits of what you say. > Please don't continue the FBSD's handbook mis-information about IPFW > being the only FBSD firewall solution or that it's the best > solution. The handbook is also way behind in it's content being > current and up to date. As a new FreeBSD user, there's no way I could possibly know that, now is there? I simply passed along what I have found to be useful. I still need to know the answer to my question about what changes I need to make to my kernel to support a firewall on my server. -ste
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?403E4421.7030203>