Date: Wed, 07 Mar 2001 18:29:10 -0600
From: Christopher Schulte <christopher@schulte.org>
To: Fernando Schapachnik <fschapachnik@vianetworks.com.ar>, Nathan Dorfman <nathan@rtfm.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw or ipf?
Message-ID: <5.0.2.1.0.20010307181400.0336ed18@pop.schulte.org>
In-Reply-To: <200103080011.VAA05148@ns1.via-net-works.net.ar>
References: <20010307190222.A72795@rtfm.net>

At 09:11 PM 3/7/2001 -0300, Fernando Schapachnik wrote:
>On the other hand ipfw can do traffic shaping. On FreeBSD you can
>build an "invisible" firewall with ipfw doing bridging.

ipfw + dummynet + bridging is exactly what I use for my firewall. It's fast, stable, easy to manage, powerful and I'd recommend it to anyone wanting to secure a small network using FreeBSD and 2 NICs.

Ipfw does have the ability to keep TCP states. I can't speak for NAT or portability. I have used ipf on at least OpenBSD and Solaris. It probably can be compiled on many more.

ipfw is beautiful - two NICs just hop into promisc mode. One connects to the 'internal' network, the other to possibly a router or public switch. Then, using the firewall/shaping rules defined with ipfw, traffic is transparently passed (or dropped/rejected) from the external network to machines on the inside via software bridging. Not to mention, you can do sophisticated traffic limiting at the same time.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message