From: Cristian KLEIN
Date: Thu, 26 Oct 2006 02:56:26 +0300
To: Max Laier
Cc: freebsd-doc@freebsd.org
Subject: Re: Multiple firewalls
Message-ID: <453FF9AA.6010200@net.utcluj.ro>
In-Reply-To: <200610251343.06622.max@love2party.net>

Max Laier wrote:
> On Wednesday 25 October 2006 01:20, Cristian KLEIN wrote:
>> Hi everybody,
>>
>> Please review the following article:
>> http://cristiklein.c7obs.net/public/doc/en_US.ISO8859-1/books/handbook/firewalls-multi.html
>
> "Note: At the time of this writing, using IPFW and PF is not recommended."
>
> Where do you get such information? I know of several successful
> installations doing things like divert for L7 filtering in ipfw
> and "normal" firewalling in pf. Also note, that in order to use ipfw's
> ALTQ pf (even though one w/o a filtering ruleset) is required.

You are right. That info must date from the time I had hallucinations. I have
done more testing and found no problem. I have switched from IPFW+IPNAT to
IPFW+IPNAT+PF to IPFW+PF. All worked as expected. I must say I like IPFW+PF
more, because it makes passive FTP easy, even if a very restrictive firewall is
desired.

My apologies for misinforming the community. Seems that I have to write another
section called IPFW+PF. :)