From owner-freebsd-questions Wed May 23 8:46:45 2001
Date: Wed, 23 May 2001 16:46:38 +0100
From: Rasputin
To: clemensF
Cc: questions@freebsd.org
Subject: Re: ipfilter in kernel versions > 3 ?
Message-ID: <20010523164638.B42937@dogma.freebsd-uk.eu.org>
References: <20010523173940.A1704@spotteswoode.yi.org>
In-Reply-To: <20010523173940.A1704@spotteswoode.yi.org>; from rabat@web.de on Wed, May 23, 2001 at 05:39:40PM +0200

* clemensF [010523 16:40]:
> besides ipfw(8) there is another popular firewall package: ipfilter
> (ip-fil3.4.17.tar.gz) by darren reed. like ipfirewall(4), it contains
> utilities for defining rule sets and administration. its documentation
> states it to be part of freebsd systems versioned 3 and up, but i found no
> trace of it in my freebsd 4.0 STABLE.
> ipfilter is quite portable and the source distribution contains kernel
> source-patches for a dozen systems.
>
> [] is ipfilter just another interface to the kernel's ip functions which
> can be used independently without interference? how do the systems
> interact?

I think they're at least partly separate, since ipfilter has had
stateful packet inspection for longer than ipfw. Although they no doubt
hook into the TCP stack in roughly the same places.

> [] after applying ipfilter's patches to the kernel sources i lost my
> backups, which is unfortunate, because they were already patched with
> several sets, one of which was hand-crafted and can't be restored, so
> installing them from the cd-roms won't do.

Uh, ipfilter has been in the base system for donkey's years
(well, since 4.0 when I started using BSD)
Darren Reed has commit access to our kernel tree,
< we got the last hole in IPF fixed before OpenBSD for this reason;
I know it's not relevant but I never tire of saying it :) >
so patches wouldn't normally be necessary if you track STABLE with cvsup.

> [] where can i find a set of kernel sources for freebsd-current?

see the Handbook.

> [] where can i find good and detailed HOWTO's, FAQ's and usage
> documentations? i need online-info about rules, the administration of
> firewalled systems and experience reports for all sizes and scales.

I don't use ipfw, but there's an excellent howto on ipf at
http://www.obfuscation.org/ipf
(this document was the reason I left the Penguinistas)

--
Rasputin :: Jack of All Trades - Master of Nuns ::