Date: Wed, 13 Oct 1999 23:02:53 +1000 (EST) From: Darren Reed <avalon@coombs.anu.edu.au> To: tstromberg@rtci.com (Thomas Stromberg) Cc: freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, peter@FreeBSD.ORG Subject: Re: ipfilter no longer in -CURRENT, whats the direction? (off to ipfw?) Message-ID: <199910131302.XAA05892@cheops.anu.edu.au> In-Reply-To: <38047FB1.D7B282AD@rtci.com> from "Thomas Stromberg" at Oct 13, 99 08:48:49 am
next in thread | previous in thread | raw e-mail | index | archive | help
Well, if someone had of answered my question (to cvs-committers) about getting an account fixed up on freefall(?) so I could use cvs again, it might not have been forgotten about for quite so long. Maybe I sent the question to the "wrong place", but I received no answer to even indicate that! hmpf! On a conspirital note, I think there are numerous ipfw advocates within freebsd who hate that ipfilter is better >;-) Both NetBSD and OpenBSD ship with it, and if you're serious about security, maybe you should be using OpenBSD anyway, rather than FreeBSD. Darren In some mail from Thomas Stromberg, sie said: > > http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/ipnat/Attic/Makefile > ------------------------------------------------------------------------ > 1.2 Sun Oct 10 15:08:35 1999 UTC by peter > CVS Tags: HEAD > Diffs to 1.1 > FILE REMOVED > > Nuke the old antique copy of ipfilter from the tree. This is old enough > to be dangerous. It will better serve us as a port building a KLD, > ala SKIP. > ------------------------------------------------------------------------ > > Although a heads up in -CURRENT or -security about this would of been > nice, ye old ipfilter is gone. I definitely cannot disagree with the > fact that it is an antique copy, and it's a shame that no one seems to > be taking care of it in the tree. At least in the past, ipfilter was for > many a much better option then ipfw. Has ipfw improved to the point > where it functions better as a company firewall then ipfilter? (Okay, so > the group & user firewalling is neat, but not really applicable for a > corporate border firewall) > > ipfilters website: http://coombs.anu.edu.au/~avalon/ip-filter.html > > For why I feel ipfilter is better then ipfw (this post was written back > in December '98, ipfw may have changed greatly since): > > http://www.freebsd.org/cgi/getmsg.cgi?fetch=117538+122112+/usr/local/www/db/text/1998/freebsd-current/19981227.freebsd-current > (the big 'wanton atticizing discussion') > > A summary of it being: > > - Multiplatform. Runs on IRIX, Solaris, Linux. Comes shipped with > FreeBSD, OpenBSD, and NetBSD. Keeps us in sync with the other BSD's. > - Better logging then ipfw (has ipfw improved? Thats why I switched to > ipfilter in the first place) > > It's a shame that no one seems to want to maintain ipfilter in our tree. > As far as a 'port building kld', I think this may not be the 'smartest' > way, seeing as anyone who is running a serious firewall would disable > kld's immediately anyhow. > > So my question is, what's the direction we're taking here? > > -- > ======================================================================= > Thomas Stromberg, Assistant IS Manager / Systems Guru > smtp://tstromberg@rtci.com Research Triangle Commerce, Inc. > pots://919.380.9771 x3210 > ======================================================================= > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199910131302.XAA05892>