Date: Fri, 9 Jan 2004 22:34:39 +0100
From: Jan Stary <jsta6559@artax.karlin.mff.cuni.cz>
To: freebsd-questions@FreeBSD.org
Subject: ipf or ipfw?
Message-ID: <20040109213439.GA11626@artax.karlin.mff.cuni.cz>

Hello,

I am deciding whether to use ipf or ipfw. I have had a brief look at them and I like them both. I am quite a newbie in this. Is any one of them particularly better for the following situation?

One standalone server, hosted by an ISP; only want to protect myself (explicitly allow the services I provide); no need for traffic shaping; want to do some traffic statistics, though.

If you would use _one_ of them rather than the other for such a task, please tell me why (I mean, point me to the docs saying why).

Also, I am a bit confused by the kernel config for this: the names of the IPFILTER* and IPFIREWALL* make me think I need IPFILTER* to be able to run ipf, and IPFIREWALL* to run ipfw. But the kernel functionality needed to run them is probably very much the same, so what am I missing? Didn't find this in the Handbook.

Which of these should I enable to run ipf(w)? Point me to the docs, please.

device   bpf                            # Berkeley packet filter
options  IPSEC                          #IP security
options  IPSEC_ESP                      #IP security (crypto; define w/ IPSEC)
options  IPSEC_DEBUG                    #debug for IP security
options  MROUTING                       # Multicast routing
options  IPFIREWALL                     #firewall
options  IPFIREWALL_FORWARD             #enable transparent proxy support
#options IPFIREWALL_DEFAULT_TO_ACCEPT   #allow everything by default
options  IPDIVERT                       #divert sockets
options  IPFILTER                       #ipfilter support
options  IPFILTER_LOG                   #ipfilter logging
options  IPFILTER_DEFAULT_BLOCK         #block all packets by default
options  IPSTEALTH                      #support for stealth forwarding

Thank you

Jan