Date:      Fri, 07 Jul 2000 19:35:29 GMT
From:      Salvo Bartolotta <bartequi@inwind.it>
To:        Peter.McGarvey@telinco.net
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Q: IPFIREWALL or IPFILTER?
Message-ID:  <20000707.19352900@bartequi.ottodomain.org>
In-Reply-To: <3966015C.FCDCD1F5@telinco.net>
References:  <3966015C.FCDCD1F5@telinco.net>

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 7/7/00, 5:12:12 PM, Peter McGarvey <Peter.McGarvey@telinco.net> wrote
regarding Q: IPFIREWALL or IPFILTER?:


> In building a new kernel, I can add support for IPFIREWALL and IPFILTER.

> What I'd like to know is what's the difference?

> And which is better?

> And is both a bad idea?

> The only firewalls I've ever dealt with are of the packet filtering sort
> built into routers.  But now I'm playing with a FreeBSD box with 3 NICs
> so it seems like a good time to learn a bit more about firewalls.
> Discovering that FreeBSD supports two I went looking for some sort of
> comparison between the two.  But couldn't find anything.  Hence, the
> above questions.

> --
> TTFN, FNORD

> Peter McGarvey, Unix Administrator
> Network Operations Center, Telinco Limited



Dear Peter McGarvey,

I would not like to start a theological dispute in the least :-)

Both of them can be configured with stateful rules. My (as yet
limited) understanding is that, essentially, they perform analogous
functions albeit ipfilter seems to be slightly more flexible.

BTW, as an exercise, I am developing solutions based on both.

You may wish to have a look at Marc's tutorial (on ipfw), which is
found at http://www.freeebsd.org/tutorials/dialup-firewall: mutatis
mutandis, it will provide an excellent starting point; other general
information (about firewalls) is found in the handbook.

You might also want to read the relevant man pages (security(7);
ipfw(8); ipf(1,4,5)), and/or browse a few sites dealing with security
(e.g. http://www.cert.org); as regards ipfilter at large, you may wish
to begin reading
http://www.linuxsecurity.com/resource_files/firewalls/ipf-howto.txt;
in addition, you will want to search the archives, in particular
-security, and gather further (more or less theological) information.

One last note.
A couple of days ago a dangerous network-related bug was detected: you
may wish to retrieve kern/19722.

HTH just a tiny bit,
Salvo




