From owner-freebsd-questions Sun Oct 20 21:33: 7 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 072C137B401 for ; Sun, 20 Oct 2002 21:33:06 -0700 (PDT) Received: from mail.thundernet.cz (mail.thundernet.cz [62.77.87.114]) by mx1.FreeBSD.org (Postfix) with SMTP id 45D6143E3B for ; Sun, 20 Oct 2002 21:33:04 -0700 (PDT) (envelope-from neuhauser@bellavista.cz) Received: (qmail 20494 invoked from network); 21 Oct 2002 04:32:52 -0000 Received: from unknown (HELO freepuppy.bellavista.cz) (62.168.44.50) by mail.thundernet.cz with SMTP; 21 Oct 2002 04:32:52 -0000 Received: by freepuppy.bellavista.cz (Postfix, from userid 1001) id 323C62FDAB2; Mon, 21 Oct 2002 06:32:50 +0200 (CEST) Date: Mon, 21 Oct 2002 06:32:50 +0200 From: Roman Neuhauser To: freebsd-reply@akruijff.dds.nl Cc: Redmond Militante , freebsd-questions@freebsd.org Subject: Re: favorite security software Message-ID: <20021021043250.GE586@freepuppy.bellavista.cz> Mail-Followup-To: freebsd-reply@akruijff.dds.nl, Redmond Militante , freebsd-questions@freebsd.org References: <20021018234041.GA28868@darkpossum> <18415058332.20021019020210@dds.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <18415058332.20021019020210@dds.nl> User-Agent: Mutt/1.5.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG # freebsd@akruijff.dds.nl / 2002-10-19 02:02:10 +0200: > Saturday, October 19, 2002, 1:40:42 AM, you wrote: > RM> do people have any favorite security software that they always run in addition to ipfw or ipfilter? > > My favorite firewall is ipfilter. Mainly because it doesn't run in > userland like ipfw does. hrmm, this is nonsense. ipfw sits in kernel of course. what runs in userland is its companion, natd(8). if you don't nat you don't need to care. if you don't nat on a very slow/loaded box, that is. as has been said on the list, the fact that natd is a userland process has its ups as well: a bug in natd won't panic your gateway (i gathered from the lists that there used to be a bug in ipnat that caused just that). n.b.: i'm an ipfilter user. -- If you cc me or take the list(s) out completely I'll most likely ignore your message. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message