Date: Sun, 10 Dec 2000 20:28:17 +0100 From: =?iso-8859-1?Q?R=E9mi_Guyomarch?= <rguyom@pobox.com> To: freebsd-stable@freebsd.org Subject: Re: IPFIREWALL or IPFILTER? Message-ID: <20001210202817.C22773@diabolic-cow.chatgris.net> In-Reply-To: <002301c062bd$2aeb0440$0b6cffc8@infolink.com.br>; from apina@infolink.com.br on Sun, Dec 10, 2000 at 01:23:36PM -0200 References: <Pine.BSF.4.21.0012031955270.59659-100000@ipamzlx.physik.uni-mainz.de> <00dd01c05e2e$e42a0700$0b6cffc8@infolink.com.br> <20001209112247.A22773@diabolic-cow.chatgris.net> <002301c062bd$2aeb0440$0b6cffc8@infolink.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Dec 10, 2000 at 01:23:36PM -0200, Antonio Carlos Pina wrote:
> Hello,
>
> > > Besides that, I've seen a lot of people saying that IPFILTER is better
> than
> > > IPFW (faster, more powerful, etc)
> >
> > Don't know if it's faster, but IPFilter is definitely way more powerful.
>
> Could you tell us why ?
Can you do statefull filtering of TCP, UDP and ICMP streams with ipfw
? (this includes icmp errors and fragmented packets [ADSL anyone ? ...]).
Does the TCP state filtering engine in ipfw actually checks sequence
numbers and window sizes ?
Is there something like "block return-icmp-as-dest (port-unr) ..." in
ipfw ?
Is there a concept similiar to the head/group thing in ipfw ?
Can you save/restore to/from disk filter and NAT state entries ?
Can you redirect traffic to many internal boxes with a round-robin
mechanism ?
And last but not least, can you use the same rule set on a Solaris
box, on {Free,Open,Net}BSD, on BSDi, on HPUX etc...
> A lot of people here (including me) would like to know about
> ipfilter...
Check the ipfilter web site and the ipfilter how-to.
--
Rémi
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001210202817.C22773>