On Mon, 10 Jan 2000, Aaron C. Springer wrote:
> I know that ipfilter does not run on 2.2.x yet..
Probably won't unless someone gets off their butts and ports it or
Linux changes significantly. Darren isn't interested in doing another
Linux port, and the couple of times I've started all I've ended up with
is a headache. I haven't seen if 2.3.x is better though.
> I do not know about the freeswan..
It supported 2.0 and worked under early 2.2, but not "officially" the
last time I looked, which wasn't long after 2.2 surfaced.
> I would just use openbsd, it has the ipfilter and ipsec built in.
NetBSD seems to have the performance edge at this point. It's probably
moot for most Internet connectivity though. In any case, IPFilter is my
favorite filtering package, with IOS second, then ipfw, ipchains, et al.
> On 10-Jan-00 Ron DuFresne wrote:
> >
> > Doesn't ipfilter and freeswan require that folks stay with a 2.0.X kernel
> > rather than being able to progress up to a 2.2.X and above kernel?
> >
> > Policy routing in the iptables and 2.4.X kernels soon to be out, can
> > accomplish the same thing, yes?
Personally I'd wait a while before fielding a new system like the 2.4.x
stuff, essentially you're looking at trusting new kernel code, a new
packet filtering mechanism, and a new routing mechanism. Given the heavy
I/O addressing changes that are going in to 2.3.x (to take care of that
multi-NIC performance issue that's been hanging around for a while)
that's a significant amount of change for a critical security mechanism.
Some would call that something other than brave... I'll stick with brave.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280