Date: Wed, 14 Aug 1996 13:05:06 -0500 From: Hal Snyder <hal@post.vale.com> To: "hackers@FreeBSD.ORG" <hackers@FreeBSD.ORG> Subject: ipfw considered harmful (not?) Message-ID: <01BB89E1.3762F660@jaguar.vale.com>
next in thread | raw e-mail | index | archive | help
I've used ipfw in past with very satisfactory results, protecting small corporation from the Internet. Don't know ipfilter for comparison. What made ipfw bearable was an rc.ipfw script, beginning with environmental variables for major addresses, and the line ipfw flush as the first real ipfw command. I don't think it would be too hard to graft an HTML/CGI front-end onto ipfw (anyone seen Checkpoint?). Does ipfilter do this? On the downside - I found the code for ipfw to be unreadable, mainly due to lack of comments in key areas. That always makes me suspicious the writer started with "int i;" rather than a design for the code. [Nothing personal against the original author - just that I spent over a decade reading student programming efforts and eventually lost all patience with puzzling over needlessly undocumented code.]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01BB89E1.3762F660>