From owner-freebsd-security  Mon Apr 29 17:38:06 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id RAA26679
          for security-outgoing; Mon, 29 Apr 1996 17:38:06 -0700 (PDT)
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id RAA26673
          for <freebsd-security@freebsd.org>; Mon, 29 Apr 1996 17:38:02 -0700 (PDT)
Message-Id: <199604300038.RAA26673@freefall.freebsd.org>
Received: by cheops.anu.edu.au
	(1.37.109.16/16.2) id AA062524672; Tue, 30 Apr 1996 10:37:52 +1000
From: Darren Reed <avalon@coombs.anu.edu.au>
Subject: Re: FreeBSD & firewalls
To: kristyn@gnu.ai.mit.edu (Kristyn Fayette)
Date: Tue, 30 Apr 1996 10:37:52 +1000 (EST)
Cc: freebsd-security@freebsd.org
In-Reply-To: <199604292259.SAA07646@spiff.gnu.ai.mit.edu> from "Kristyn Fayette" at Apr 29, 96 06:58:42 pm
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In some mail from Kristyn Fayette, sie said:
> 
> Hi,
> 
>   I'm getting ready to set up a firewall and I was wondering if anyone can
> give me some suggestions.  Currently, I've got a firewall running on an Indy.
> It's using the internet firewall toolkit.  Now I'm about to replace that
> machine with a FreeBSD system.  Should I keep that toolkit, or should I use
> the ipfw program that comes with 2.1?
> 
>   I know this is the kind of question everyone hates...is brand X better
> than brand Y, but I really don't have much reference right now and time
> is kinda short.

If you want to use the FreeBSD box as a drop-in replacement, use the FWTK
as you should be able to just copy over the config. files.  You won't have
to spend time creating new ones, verifying them, etc.

If you're serious about doing firewalling with FreeBSD and moving away from
the Firewall Toolkit, checkout
http://coombs.anu.edu.au/~avalon/ip-filter.html
- but only if you want to move away from the tookit, which, if it is working,
I wouldn't recommend so long as you can build it easily on FreeBSD (you
shouldn't have much trouble with 2.1).

darren