Date:      Thu, 27 Jul 2000 09:49:56 +0200
From:      Pavol Adamec <pavol_adamec@tempest.sk>
Cc:        freebsd-security@freebsd.org
Subject:   Re: ipf or ipfw (was: log with dynamic firewall rules)
Message-ID:  <397FE9A4.1C1B9215@tempest.sk>
References:  <Pine.BSO.4.21.0007270323100.3504-100000@superconductor.rush.net>

Siobhan Patricia Lynch wrote:
 
> ipfilter has to be flushed and reloaded, I don't have that luxury
> 
> ipfw I can add rules on the fly.
> 

Sorry, but ipf can add rules on the fly too.
As for ipf and ipfw - their capabilities are almost equal. There are
differences - ipnat is done within the kernel space, natd is running
in user space. Running in user space in this case means that the
translation is slower. BUT you can control where you want your translation
done - before, in-the-middle-of or at the end of the filtering rules.
There's no such choice with ipnat. And more, and more such details.

Paul

