From owner-freebsd-stable  Sun Dec 10 22:32: 6 2000
From owner-freebsd-stable@FreeBSD.ORG  Sun Dec 10 22:32:02 2000
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from smtp1.cluster.oleane.net (smtp1.cluster.oleane.net [195.25.12.16])
	by hub.freebsd.org (Postfix) with ESMTP id C86CF37B400
	for <freebsd-stable@freebsd.org>; Sun, 10 Dec 2000 22:32:01 -0800 (PST)
Received: from diabolic-cow.chatgris.net (dyn-1-1-020.Orl.dialup.oleane.fr [195.25.26.20]) by smtp1.cluster.oleane.net with ESMTP id eBB6Vwd91552 for <freebsd-stable@freebsd.org>; Mon, 11 Dec 2000 07:31:59 +0100 (CET)
Received: by diabolic-cow.chatgris.net (Postfix, from userid 1000)
	id 63F903EE; Mon, 11 Dec 2000 07:27:01 +0100 (CET)
Date: Mon, 11 Dec 2000 07:27:01 +0100
From: =?iso-8859-1?Q?R=E9mi_Guyomarch?= <rguyom@pobox.com>
To: freebsd-stable@freebsd.org
Subject: Re: IPFIREWALL or IPFILTER?
Message-ID: <20001211072701.I22773@diabolic-cow.chatgris.net>
References: <Pine.BSF.4.21.0012031955270.59659-100000@ipamzlx.physik.uni-mainz.de> <00dd01c05e2e$e42a0700$0b6cffc8@infolink.com.br> <20001209112247.A22773@diabolic-cow.chatgris.net> <20001210111051.F86825@elvis.mu.org> <20001210194648.B22773@diabolic-cow.chatgris.net> <20001210194532.H86825@elvis.mu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: <20001210194532.H86825@elvis.mu.org>; from billf@mu.org on Sun, Dec 10, 2000 at 07:45:32PM -0600
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Dec 10, 2000 at 07:45:32PM -0600, Bill Fumerola wrote:
> On Sun, Dec 10, 2000 at 07:46:48PM +0100, Rémi Guyomarch wrote:
> 
> > > Actually, _you're_ wrong. DUMMYNET is very ipfw specific.
> > 
> > Check the mail archives. You can use both firewall packages at the
> > same time. If you want to use IPFilter, then simply add it to the
> > kernel config, along with IPFIREWALL (ipfw) and DUMMYNET :
> > 
> > options IPFIREWALL
> > options IPFIREWALL_DEFAULT_TO_ACCEPT
> > options DUMMYNET
> > options IPFILTER
> > options IPFILTER_LOG
> 
> I'm very familiar with ipfw's workings, thanks. The fact remains
> that DUMMYNET works with IPFIREWALL only. IPFILTER works in unison
> with IPFIREWALL(aka ipfw), but you can't use DUMMYNET pipes with
> IPFILTER rules..

Yes, you're right. But the (user-level) fact is, you can use ipf and
dummynet on the same machine without troubles (beside the fact that
packets rejected / dropped by ipf won't be seen by dummynet).

-- 
Rémi


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message