From owner-freebsd-security  Mon Apr 29 23:51:10 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id XAA12794
          for security-outgoing; Mon, 29 Apr 1996 23:51:10 -0700 (PDT)
Received: from rachael.franken.de (rachael.franken.de [193.175.24.38])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id XAA12788
          for <freebsd-security@freebsd.org>; Mon, 29 Apr 1996 23:51:06 -0700 (PDT)
Received: from hub-wue.franken.de by rachael.franken.de with smtp
	(Smail3.1.29.1 #8) id m0uE9Gw-000oHrC; Tue, 30 Apr 96 08:50 MET DST
Received: from wuff.franken.de by hub-wue.franken.de with smtp
	(Smail3.1.29.1 #16) id m0uE9H2-000FzpC; Tue, 30 Apr 96 08:51 MET DST
Received: by wuff.franken.de (Smail3.1.29.1 #20)
	id m0uE9Gl-000OxGA; Tue, 30 Apr 96 08:50 MET DST
Received: (from marc@localhost) by sniff.franken.de (8.7.5/8.7.3/uuB) id IAA00897; Tue, 30 Apr 1996 08:49:54 +0200 (MET DST)
From: Marc Binderberger <marc@sniff.franken.de>
Message-Id: <199604300649.IAA00897@sniff.franken.de>
Subject: Re: FreeBSD & firewalls
To: kristyn@gnu.ai.mit.edu (Kristyn Fayette)
Date: Tue, 30 Apr 1996 08:49:54 +0200 (MET DST)
Cc: freebsd-security@freebsd.org
In-Reply-To: <199604292259.SAA07646@spiff.gnu.ai.mit.edu> from "Kristyn Fayette" at Apr 29, 96 06:58:42 pm
X-Mailer: ELM [version 2.4 PL24 ME8b]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hello Kristyn!

I don't know Indy's, so I'm not sure ...

>                            Currently, I've got a firewall running on an Indy.
> It's using the internet firewall toolkit.

... if you are talking about the TIS firewall toolkit or any vendor
specific software.

> machine with a FreeBSD system.  Should I keep that toolkit, or should I use
> the ipfw program that comes with 2.1?

But if your are taking about the TIS package, you should use _both_.
IPFW is a packet filter, the TIS package contains application level
filters and proxies. Use the IPFW to stop source routed IP and all the
stuff you can easily set into rules. Authentication schemes like S/key,
X gateways with confirmation or anti-java(script) filters are the task
of the TIS toolkits.

Regards, Marc.
-- 
Marc Binderberger                                  97076 Wuerzburg, Germany
marc@sniff.franken.de                              Powered by FreeBSD ;-)