From owner-freebsd-security Sat Jun 22 08:19:35 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id IAA10353 for security-outgoing; Sat, 22 Jun 1996 08:19:35 -0700 (PDT) Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id IAA10331 for ; Sat, 22 Jun 1996 08:19:20 -0700 (PDT) Received: by gvr.win.tue.nl (8.6.12/1.53) id RAA05233; Sat, 22 Jun 1996 17:19:04 +0200 From: guido@gvr.win.tue.nl (Guido van Rooij) Message-Id: <199606221519.RAA05233@gvr.win.tue.nl> Subject: Re: IPFW vs. IP Filter? To: taob@io.org (Brian Tao) Date: Sat, 22 Jun 1996 17:19:02 +0200 (MET DST) Cc: freebsd-security@FreeBSD.org In-Reply-To: from Brian Tao at "Jun 22, 96 09:51:50 am" X-Mailer: ELM [version 2.4ME+ PL17 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk Brian Tao wrote: > I'm setting up a FreeBSD-based firewall here, and my original plan > was to go with IPFW in the kernel. However, it seems there isn't any > recent documentation for it (both the man page and the handbook entry > are out of date). IP Filter 3.0.4 (http://coombs.anu.edu.au/~avalon/) > also looks very nice, and Andrew Stesin recently recommended it here. > > Should I disable IPFW in the kernel and put IP Filter in its place > then, or can (should?) the two coexist? My main beef is that the IPFW > documentation is rather lacking, and /usr/src/sbin/ipfw/ipfw.c isn't > helpfully commented. Suggestions appreciated. Thanks. I have a router with both ipfilter and ipfw. However, it is an early version of ipfilter. I think it can cooperate well, though I havent looked at the sources recently. You can ask Daren Reed, the auithor of ipfilter (avalon@coombs.anu.edu.au). I think he's also using FreeBSD these days. -Guido