Date:      Wed, 13 Oct 1999 16:05:53 -0400 (EDT)
From:      <zaph0d@sparc.sweb.com>
To:        Thomas Stromberg <tstromberg@rtci.com>
Cc:        freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, peter@FreeBSD.ORG
Subject:   Re: ipfilter no longer in -CURRENT, whats the direction? (off to ipfw?)
Message-ID:  <Pine.GSO.3.96.991013160220.12524A-100000@sparc.sweb.com>
In-Reply-To: <38047FB1.D7B282AD@rtci.com>

I also must agree: for many tasks, IP filter proves superior to IPFW and
NATD for many things which I do.

It seems much more straightforward, more configurable, and also in many
respects more stable and reliable.

It would not bother me in the least if they simply yanked ipfw and natd
from the src tree, and included ipf/ipnat default (not in contrib).

If no one else desires to do so, I'd be happy to maintain whatever
communication or porting necessary to keep it current and included in the
standard FreeBSD distribution.


On Wed, 13 Oct 1999, Thomas Stromberg wrote:

> http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/ipnat/Attic/Makefile
> ------------------------------------------------------------------------
> 1.2 Sun Oct 10 15:08:35 1999 UTC by peter 
> CVS Tags: HEAD
> Diffs to 1.1 
> FILE REMOVED 
> 
> Nuke the old antique copy of ipfilter from the tree.  This is old enough
> to be dangerous.  It will better serve us as a port building a KLD,
> ala SKIP.
> ------------------------------------------------------------------------
> 
> Although a heads up in -CURRENT or -security about this would have been
> nice, ye old ipfilter is gone. I definitely cannot disagree with the
> fact that it is an antique copy, and it's a shame that no one seems to
> be taking care of it in the tree. At least in the past, ipfilter was for
> many a much better option than ipfw. Has ipfw improved to the point
> where it functions better as a company firewall than ipfilter? (Okay, so
> the group & user firewalling is neat, but not really applicable for a
> corporate border firewall)
> 
> ipfilter's website: http://coombs.anu.edu.au/~avalon/ip-filter.html
> 
> For why I feel ipfilter is better than ipfw (this post was written back
> in December '98, ipfw may have changed greatly since):
> 
> http://www.freebsd.org/cgi/getmsg.cgi?fetch=117538+122112+/usr/local/www/db/text/1998/freebsd-current/19981227.freebsd-current   
> (the big 'wanton atticizing discussion')
> 
> A summary of it being:
> 
> - Multiplatform. Runs on IRIX, Solaris, Linux. Comes shipped with
> FreeBSD, OpenBSD, and NetBSD. Keeps us in sync with the other BSDs.
> - Better logging than ipfw (has ipfw improved? That's why I switched to
> ipfilter in the first place)
> 
> It's a shame that no one seems to want to maintain ipfilter in our tree.
> As far as a 'port building kld', I think this may not be the 'smartest'
> way, seeing as anyone who is running a serious firewall would disable
> klds immediately anyhow.
> 
> So my question is, what's the direction we're taking here?
> 
> -- 
> =======================================================================
> Thomas Stromberg,                   Assistant IS Manager / Systems Guru
> smtp://tstromberg@rtci.com             Research Triangle Commerce, Inc.
>                                               pots://919.380.9771 x3210
> =======================================================================
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


