Date: Mon, 19 Aug 1996 09:11:42 -0500 (CDT) From: Joe Greco <jgreco@brasil.moneng.mei.com> To: phk@critter.tfs.com (Poul-Henning Kamp) Cc: avalon@coombs.anu.edu.au, imp@village.org, jkh@time.cdrom.com, ugen@latte.worldbank.org, hackers@freebsd.org Subject: Re: ipfw vs ipfilter Message-ID: <199608191411.JAA19166@brasil.moneng.mei.com> In-Reply-To: <7036.840432968@critter.tfs.com> from "Poul-Henning Kamp" at Aug 19, 96 07:36:08 am
next in thread | previous in thread | raw e-mail | index | archive | help
> >IP Filter has its own set of regression tests, which you can verify yourself > >and then against a test run, if you like. Not to mention that this has > >helped find bugs. Both rule parsing and rule processing are tested for > >correctness. This is seen in neither ipfw or ipfwadm for FreeBSD/Linux. > >In a security concious world, how can you not want to be sure of something > >like this ? > > Uhm, aren't people overlooking the obvious here: We can have both, > and the user can choose. That was my hope at least. I would hope that this is the case. I have been very happy with ipfw, and while I am not against exploring other options, I do not see why there can not be two coexisting tools to do this. We have two console drivers. We have two drivers for one of the serial cards. :-) Each one has certain benefits and problems... and it seems to me that the ipfw/ipfilter thing is pretty much the same way. PHK has, if I remember correctly, done a LOT of work on ipfw and I believe that it would be a shame to waste all the effort that everybody has put into this. Whether or not Ugen has failed to support and develop ipfw is something of an irrelevant issue - FreeBSD has lots of drivers which have not been actively supported or maintained by their authors. ipfilter may or may not be a suitable "replacement" for ipfw, but it would probably be easier and more correct to consider it as a package that can coexist with ipfw and provide much of the same functionality. ... JG
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608191411.JAA19166>