Date:      Thu, 17 Feb 2000 11:44:13 +0100 (CET)
From:      Zahemszky Gabor <zgabor@CoDe.hu>
To:        freebsd-security@freebsd.org
Subject:   Re: ipfw - ipf
Message-ID:  <200002171045.LAA00428@CoDe.hu>
In-Reply-To: <E12Kbin-000PN1-00@f1.mail.ru> from Andrew Kopeyko at "Feb 15, 0 09:44:29 am"

Hi!

> > a) if I have both ipf and ipfw in my kernel, which is the flow of a packet?
> > in -> ipf -> ipfw -> kernel | kernel -> ipfw -> ipf -> out
> > or the other?  (I used to use ipfw, and I'd like to switch - or learn - ipf.)
>  
> It depends on the order you modload their lkm's - earlier loaded will be "closer" to kernel.

Hm.  Can I load ipf dynamically?  Btw on 3.x, lkms are switched to klds, and
I didn't find a way to generate kld from ipf.

Every time, I compiled them into the kernel.

> But why do you use such a strange thing? I had to use this for a week when I was switching from ipfw to ipf without interrupting clients' services

For example, I like DUMMYNET and the bandwidth limiting with it.  But if I know
well, it's only available from ipfw's pipe commands.  Or is it possible
from ipf, or is there any other mechanism like dummynet?

> > b) Is there any ipfw to ipf converter?  I'd like to use (or write) it.
> 
> There is an addition to ipf - 'flc', 'filter language compiler'. It can compile a ruleset written in its own simple language to various firewalls' rulesets: ipf, ipfw, CISCO, fwadmin, etc. See http://coombs.anu.edu.au/ipfilter/ for details.

Yes, I know it.  But I'd like to _convert_ my actual rules, and not to rewrite
them in another language.  (Of course, I can rewrite them in ipf's own
language :-)

By,

ZGabor at CoDe dot HU

-- 
#!/bin/ksh
Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X"

