Date: Wed, 14 Aug 1996 15:03:18 +0200 (MET DST) From: sos@freebsd.org To: jkh@time.cdrom.com (Jordan K. Hubbard) Cc: hackers@freebsd.org Subject: Re: ipfw vs ipfilter? Message-ID: <199608141303.PAA13221@ra.dkuug.dk> In-Reply-To: <14393.840023370@time.cdrom.com> from "Jordan K. Hubbard" at Aug 14, 96 04:49:30 am
next in thread | previous in thread | raw e-mail | index | archive | help
In reply to Jordan K. Hubbard who wrote:
>
> I've been trying to implement a firewall for the past couple of days,
> and over the course of same have come to realize a few interesting
> things I didn't know (at least from direct experience) before:
>
> 1. ipfw is klunky. klunky interface, klunky syntax, klunky code.
You got that right :)
> 2. ipfw has changed so much, and with so little regard for
> backwards-compatible command syntax, that many of the docs
> floating around for it do not even apply.
Exactly.
> 4. Darren Reed's ipfilter software is well documented, supported, and runs
> on everything from Solaris to Linux to *BSD. It also has some interesting
> looking tools which have been written for it.
>
> 5. ipfilter's license is very relaxed. There's no reason we couldn't
> bundle it.
>
> 6. If I get this firewall up and running easily with ipfilter (and the Jury's
> still out on that), you can expect to hear me chanting "down with ipfw!
> up with ipfilter!" in the near future. :-)
I'm all for it !!
It leaves the question what to do with julian's redirect code ??
It shares much of the same "features" that ipfw does, and for all I care
it can go as well.. Most of the features with it is now in ipfilter...
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
So much code to hack -- so little time.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608141303.PAA13221>