Date: Fri, 7 Jul 2000 15:08:42 -0500 From: "Larry Rosenman" <ler@lerctr.org> To: "Salvo Bartolotta" <bartequi@inwind.it>, <Peter.McGarvey@telinco.net> Cc: <freebsd-questions@FreeBSD.ORG> Subject: RE: Q: IPFIREWALL or IPFILTER? Message-ID: <NCBBKBDOOHHEJCJHLLPAIEEGHEAA.ler@lerctr.org> In-Reply-To: <20000707.19352900@bartequi.ottodomain.org>
next in thread | previous in thread | raw e-mail | index | archive | help
can't look at that PR, it's marked confidential... -----Original Message----- From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Salvo Bartolotta Sent: Friday, July 07, 2000 2:35 PM To: Peter.McGarvey@telinco.net Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Q: IPFIREWALL or IPFILTER? >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< On 7/7/00, 5:12:12 PM, Peter McGarvey <Peter.McGarvey@telinco.net> wrote regarding Q: IPFIREWALL or IPFILTER?: > In building a new kernel, I can add support for IPFIREWALL and IPFILTER. > What I'd like to know is what's the difference? > And which is better? > And is both a bad idea? > The only firewalls I've ever dealt with are of the packet filtering sort > built into routers. But now I'm playing with a FreeBSD box with 3 NICs > so it seems like a good time to learn a bit more about firewalls. > Discovering that FreeBSD supports two I went looking for some sort of > comparison between the two. But couldn't find anything. Hence, the > above questions. > -- > TTFN, FNORD > Peter McGarvey, Unix Administrator > Network Operations Center, Telinco Limited Dear Peter McGarvey, I would not like to start a theological dispute in the least :-) Both of them can be configured with stateful rules. My (as yet limited) understanding is that, essentially, they perform analogous functions albeit ipfilter seems to be slighly more flexible. BTW, as an exercise, I am developing solutions based on both. You may wish to have a look at Marc's tutorial (on ipfw), which is found at http://www.freeebsd.org/tutorials/dialup-firewall: mutatis mutandis, it will provide an excellent starting point; other general information (about firewalls) is found in the handbook. You might also want to read the relevant man pages (security(7); ipfw(8); ipf(1,4,5)), and/or browse a few sites dealing with security (e.g. http://www.cert.org); as regards ipfilter at large, you may wish to begin reading http://www.linuxsecurity.com/resource_files/firewalls/ipf-howto.txt; in addition, you will want to search the archives, in particular -security, and gather further (more or less theological) information. One last note. A couple of days ago a dangerous network-related bug was detected: you may wish to retrieve kern/19722. HTH just a tiny bit, Salvo To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NCBBKBDOOHHEJCJHLLPAIEEGHEAA.ler>