From owner-freebsd-questions  Tue Apr 28 10:54:59 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA17745
          for freebsd-questions-outgoing; Tue, 28 Apr 1998 10:54:59 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from navisite.net (mail1.navisite.net [205.139.29.86])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA17677
          for <freebsd-questions@FreeBSD.ORG>; Tue, 28 Apr 1998 10:54:47 -0700 (PDT)
          (envelope-from forrie@tiac.net)
Received: from forrie (nav133.cmgi.com [206.25.87.133])
	by navisite.net (8.8.8/8.8.8) with SMTP id NAA16621
	for <freebsd-questions@FreeBSD.ORG>; Tue, 28 Apr 1998 13:55:15 -0400 (EDT)
Message-Id: <199804281755.NAA16621@navisite.net>
X-Sender: forrie@pop.tiac.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0
Date: Tue, 28 Apr 1998 13:56:11 -0400
To: freebsd-questions@FreeBSD.ORG
From: Forrest Aldrich <forrie@tiac.net>
Subject: IPFW issues
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I've recently implemented IPFW packet filtering on 2.2.6/intel.   One issue
I ran across immediately was the use of FTP and WWW (client).  After
reading the manpage, it seems that there are a lot of things that it
doesn't do which the Linux version (ipfwadm) allows.  But in either case,
I'm wondering if there are plans to extend BSD's... and what approach might
be commonly used to address the need for using ports >1024 on a machine for
which you want to use packet filtering (not as a "firewall" per se, but to
be host-based security).

Thanks,

Forrest




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message