Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 27 Jul 2000 03:25:33 -0400 (EDT)
From:      Siobhan Patricia Lynch <trish@bsdunix.net>
To:        Reinoud <Reinoud.Koornstra@ibb.net>
Cc:        Gerhard Sittig <Gerhard.Sittig@gmx.net>, freebsd-security@FreeBSD.ORG
Subject:   Re: ipf or ipfw (was: log with dynamic firewall rules)
Message-ID:  <Pine.BSO.4.21.0007270323100.3504-100000@superconductor.rush.net>
In-Reply-To: <Pine.LNX.3.95.1000727090741.8649B-100000@ux1.ibb.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
I actually use ipfw for everything, I can;t see any real advantage to
ipfilter in a situation that we're using it for (some people know
where I work)

ipfilter has to be flushed and reloaded, I don;t have that luxury

ipfw I can add rules on the fly.

now back in 3.x, I would have chosen ipf over ipfw, but with the
dawn of check-state and keep-state, ipfw wins hands down in this
situation.

-Trish

__

Trish Lynch
FreeBSD - The Power to Serve 		trish@bsdunix.net
Rush Networking				trish@rush.net

On Thu, 27 Jul 2000, Reinoud wrote:

> On Wed, 26 Jul 2000, Gerhard Sittig wrote:
> 
> > On Tue, Jul 25, 2000 at 21:56 -0500, Stephen Montgomery-Smith wrote:
> > > 
> > > Would running both ipfw and ipf be considered over the top?
> > 
> > I was never sure whether they collide or not.  But having ipf
> > running I don't see a point in using ipfw.  Make sure you have 
> > 
> 
> There can be one reason to run ipfw and ipf together.
> I just use ipf as firewall, and started using ipfw cause dummynet
> can only be used when you're using ipfw as far as i can tell.
> So ipf is still used (and will always be :) ) as ip filter on the
> machines, and ipfw is used just to make dummynet work to control
> bandwidth.
> Bye,
> 
> Reinoud.
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSO.4.21.0007270323100.3504-100000>