Date: Thu, 27 Jul 2000 17:35:42 +1000 (Australia/NSW)
From: Darren Reed <avalon@coombs.anu.edu.au>
To: trish@bsdunix.net (Siobhan Patricia Lynch)
Cc: Reinoud.Koornstra@ibb.net (Reinoud), Gerhard.Sittig@gmx.net (Gerhard Sittig), freebsd-security@FreeBSD.ORG
Subject: Re: ipf or ipfw (was: log with dynamic firewall rules)
Message-ID: <200007270735.RAA18535@cairo.anu.edu.au>
In-Reply-To: <Pine.BSO.4.21.0007270323100.3504-100000@superconductor.rush.net> from "Siobhan Patricia Lynch" at Jul 27, 2000 03:25:33 AM

In some mail from Siobhan Patricia Lynch, sie said:
>
> I actually use ipfw for everything, I can't see any real advantage to
> ipfilter in a situation that we're using it for (some people know
> where I work)
>
> ipfilter has to be flushed and reloaded, I don't have that luxury
>
> ipfw I can add rules on the fly.

You can do that with ipfilter too.  In fact, ipfilter allows you to
make complete ruleset changes, on the fly with 0 security risk (i.e.
there is no gap of "half your rules being in place").

Even at bootup, you can go from "no rules, default = block" to "full
ruleset" and not have any packets slip between the cracks as various
lines get added to allow/deny things.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
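
An added example, not part of the original message: one way to do the gap-free ruleset change described above, assuming the mechanism meant is the inactive rule set (-I) and swap (-s) options documented in ipf(8). The function name atomic_reload and the IPF override variable are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the e-mail or from the ipfilter project.
# IPF is a hypothetical override so the function can be exercised without
# touching a live firewall; by default it is the real ipf(8) binary.
IPF="${IPF:-ipf}"

# atomic_reload RULES_FILE
# Builds the new ruleset in the inactive list while the active list keeps
# filtering, then makes it live with a single swap. At no point is a
# half-loaded ruleset the one packets are matched against.
atomic_reload() {
    rules="$1"
    if [ ! -r "$rules" ]; then
        echo "atomic_reload: cannot read $rules" >&2
        return 2
    fi

    # 1. Parse only: -n stops ipf from changing the kernel lists.
    #    Assumes this ipf build exits non-zero on a parse error.
    if ! $IPF -n -f "$rules"; then
        echo "atomic_reload: $rules rejected, active ruleset unchanged" >&2
        return 1
    fi

    # 2. -I selects the inactive list; -Fa flushes whatever was left in it;
    #    -f loads the new rules there. Option order matters: ipf applies
    #    its arguments left to right.
    $IPF -I -Fa -f "$rules" || return 1

    # 3. -s swaps the active and inactive lists in one step.
    $IPF -s || return 1
}
```

After a swap the previous ruleset sits in the inactive list, so a second "ipf -s" rolls back to it.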