Date: Fri, 12 Oct 2001 10:18:17 -0500 From: "Thomas T. Veldhouse" <veldy@veldy.net> To: "Alfatrion" <alfatrion@cybertron.tmfweb.nl>, "Maine LOA List Admin (Brent Bailey)" <brentb@loa.com> Cc: "Hartmann, O." <ohartman@klima.physik.uni-mainz.de>, <freebsd-stable@freebsd.org>, <freebsd-questions@freebsd.org> Subject: Re: IPFW or IPFILTER? Message-ID: <010001c15331$23f1da00$3028680a@tgt.com> References: <20011012154307.O52936-100000@klima.physik.uni-mainz.de> <003601c15328$db264480$24b4a8c0@pretorian> <3BC700CE.8000201@cybertron.tmfweb.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
ipfw add check-state . . . ipfw add pass tcp from any to any via tun0 out keep-state However, if you plan to use NAT, I highly recommend IPFilter -- it is "in kernel", so there is not a transition from kernel -> userland -> kernel. Also, natd is quirky and can cause "failed to write back packet" (IIRC) when not configured "perfectly". The samples in the /etc/rc.firewall file cause this error message. Tom Veldhouse veldy@veldy.net > I find IPF more configurable as IPFW. I don't know how to do the > folowing in IPFW: pass out quick on tun0 proto tcp from any to any keep > state. > > Alex > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?010001c15331$23f1da00$3028680a>