From owner-freebsd-questions Mon Nov 19 17:39:57 2001
Date: Tue, 20 Nov 2001 02:38:36 +0100
From: Walter Hop
To: Axel Scheepers
Cc: Chris Appleton, freebsd-questions@freebsd.org
Subject: Re: NAT security
Message-ID: <1989602727.20011120023836@binity.com>
In-Reply-To: <20011119235600.A1904@mars.thuis>
References: <917DCA667947D4118E2100AA00BAEA6E1ABC06@vonneumann.emailtopia.com> <83141508858.20011119162408@binity.com> <20011119235600.A1904@mars.thuis>

[in reply to axel@axel.truedestiny.net, 19-11-2001]

> I use ipfilter/ipnat and like the way you can flush/edit the kernel filterlist
> and the possibility to create nice config files for it. As I see it ipfilter is
> a bit better handling large configurations.
> It also uses a technique which processes the whole ruleset which might be a
> bit confusing when you first start using it.
> My gateway/firewall is a simple 486-33/16MB, I used ipf & natd for a while
> but since these copy packets from kernel to userland, and ipfilter/ipnat don't,
> ipfilter gives _way_ more performance on a busy network.
> For home use I shouldn't care if I were you; if ipfw suits you and does 'your
> thing' use it. :)

Thanks for the info! I never did care to look at it. Do you think the
efficiency gain is noticeable for a node with relatively few firewalling
rules as well?

--
Walter Hop
Updated contact information: http://www.binity.com/~walter/