From owner-freebsd-security  Thu Jul 27  0:26:20 2000
Delivered-To: freebsd-security@freebsd.org
Received: from superconductor.rush.net (superconductor.rush.net [208.9.155.8])
	by hub.freebsd.org (Postfix) with ESMTP id A10E037C045
	for <freebsd-security@FreeBSD.ORG>; Thu, 27 Jul 2000 00:26:03 -0700 (PDT)
	(envelope-from trish@bsdunix.net)
Received: from localhost (trish@localhost)
	by superconductor.rush.net (8.9.3/8.9.3) with ESMTP id DAA28875;
	Thu, 27 Jul 2000 03:25:34 -0400 (EDT)
Date: Thu, 27 Jul 2000 03:25:33 -0400 (EDT)
From: Siobhan Patricia Lynch <trish@bsdunix.net>
X-Sender: trish@superconductor.rush.net
To: Reinoud <Reinoud.Koornstra@ibb.net>
Cc: Gerhard Sittig <Gerhard.Sittig@gmx.net>,
	freebsd-security@FreeBSD.ORG
Subject: Re: ipf or ipfw (was: log with dynamic firewall rules)
In-Reply-To: <Pine.LNX.3.95.1000727090741.8649B-100000@ux1.ibb.net>
Message-ID: <Pine.BSO.4.21.0007270323100.3504-100000@superconductor.rush.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I actually use ipfw for everything, I can;t see any real advantage to
ipfilter in a situation that we're using it for (some people know
where I work)

ipfilter has to be flushed and reloaded, I don;t have that luxury

ipfw I can add rules on the fly.

now back in 3.x, I would have chosen ipf over ipfw, but with the
dawn of check-state and keep-state, ipfw wins hands down in this
situation.

-Trish

__

Trish Lynch
FreeBSD - The Power to Serve 		trish@bsdunix.net
Rush Networking				trish@rush.net

On Thu, 27 Jul 2000, Reinoud wrote:

> On Wed, 26 Jul 2000, Gerhard Sittig wrote:
> 
> > On Tue, Jul 25, 2000 at 21:56 -0500, Stephen Montgomery-Smith wrote:
> > > 
> > > Would running both ipfw and ipf be considered over the top?
> > 
> > I was never sure whether they collide or not.  But having ipf
> > running I don't see a point in using ipfw.  Make sure you have 
> > 
> 
> There can be one reason to run ipfw and ipf together.
> I just use ipf as firewall, and started using ipfw cause dummynet
> can only be used when you're using ipfw as far as i can tell.
> So ipf is still used (and will always be :) ) as ip filter on the
> machines, and ipfw is used just to make dummynet work to control
> bandwidth.
> Bye,
> 
> Reinoud.
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message