From: Lowell Gilbert
To: "Loren M. Lang"
Cc: FreeBSD Mailing list
Date: 11 Feb 2004 18:10:26 -0500
Subject: Re: FreeBSD has Two Firewalls?

"Loren M. Lang" writes:

> It looks like ipfilter is a newer and more improved over ipfw

They're independent implementations.

> It looks like ipfilter is a newer and more improved over ipfw, but I'm
> not sure. I'm looking for a good firewall with similar functionality to
> linux's netfilter.

Which, as I understand it, is a descendent of ipchains.
ipchains is a descendent of an older version of ipfw.

> linux's netfilter. Previously I was doing some somewhat sophisticated
> things like disabling or limiting internet access for certain individuals
> depending on the time of day, as well as using connection helpers for
> ftp, irc, etc. What's the best firewall to use for this?

There's a lot of Linux-specific terminology in there, so I can't
really unwind it very well. I don't know of any support for
time-of-day modifications, but I'd expect that somebody out there has
written it. Depending on the exact requirements, it may even be
trivial. "Connection helpers" sounds like automatic proxy support,
which I'm not crazy about but which I know ipfilter does somewhat more
extensively than ipfw.

The big advantage of ipfw is that dummynet(4) hooks in through it.
Dummynet is a traffic shaper, as well as a framework that sort of
resembles (as far as I understand) netfilter.

Also note that it's perfectly possible and often quite convenient to
use more than one firewall program...
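
Added example (not part of the original message, and not code from either poster): one way to get time-of-day blocking out of ipfw is to keep the blocking rules in their own rule set and toggle that set from cron. The set number, the window times and the sample rule in the comments are assumptions, and it presumes an ipfw version that supports rule sets.

```sh
#!/bin/sh
# Decide whether a time-of-day block should be active and print the matching
# ipfw command. Intended to be run from cron once a minute.
# Assumed setup (constructed for this example): the blocking rules were
# loaded into their own rule set, e.g.
#   ipfw add 2000 set 5 deny ip from 192.168.1.50 to any
CURFEW_SET=5          # hypothetical rule set number
CURFEW_START=2200     # block begins at 22:00
CURFEW_END=0630       # block ends at 06:30 (window wraps past midnight)

# Convert HHMM to minutes since midnight. A leading zero is stripped so the
# shell does not try to parse "08" or "09" as (invalid) octal.
to_minutes() {
    hh=${1%??}; mm=${1#??}
    hh=${hh#0}; mm=${mm#0}
    echo $(( hh * 60 + mm ))
}

# in_window NOW START END: exit status 0 when NOW falls inside [START, END).
in_window() {
    now=$(to_minutes "$1"); start=$(to_minutes "$2"); end=$(to_minutes "$3")
    if [ "$start" -le "$end" ]; then
        [ "$now" -ge "$start" ] && [ "$now" -lt "$end" ]
    else
        # Window crosses midnight: inside if after START or before END.
        [ "$now" -ge "$start" ] || [ "$now" -lt "$end" ]
    fi
}

# Print the ipfw command that matches the given time (HHMM).
curfew_command() {
    if in_window "$1" "$CURFEW_START" "$CURFEW_END"; then
        echo "ipfw set enable $CURFEW_SET"
    else
        echo "ipfw set disable $CURFEW_SET"
    fi
}

# Dry run: show what would be executed right now.
curfew_command "$(date +%H%M)"
```

Running the set toggle every minute rather than only at the window edges means a reboot or a reloaded ruleset during the blocked hours is corrected on the next run.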