ipf & ipfw are something like iptables & ipchains ? both tools do the same job 
?



On Sunday 02 February 2003 20:26 Anno Domini, JoeB wrote using one of his 
keyboards:
> There are 3 classes of rules in IPFW, each class has separate packet
> interrogation abilities. Each proceeding class has greater packet
> interrogation abilities than the previous one. These are stateless,
> simple stateful, and advanced stateful. The advanced stateful rule
> class is the only class having technically advanced interrogation
> abilities capable of defending against the flood of different attack
> methods currently employed by perpetrators. Stateless and Simple
> Stateful IPFW firewall rules are inadequate to protect the users
> system in today's internet environment and leaves the user
> unknowingly believing they are protected when in reality they are
> not.
>
> The advanced stateful rule option keep-state works as documented
> only when used in a rule set that does not use the divert rule.
> Simply stated the IPFW advanced stateful rule option keep-state does
> not function correctly when used in a IPFW firewall that also is
> using the IPFW built in NATD function. For the most complete
> keep-state protection the other FIREWALL solution (IPFILTER) that
> comes with FBSD should be used. Just checkout the IPFW list archives
> and you will see this subject discussed in detail with out any
> solution forthcoming.
>
> http://www.obfuscation.org/ipf/
>
> http://www.obfuscation.org/ipf/ipf-howto.html
>
>
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Petre
> Bandac
> Sent: Sunday, February 02, 2003 4:51 AM
> To: [EMAIL PROTECTED]
> Subject: ipfw firewall questions
>
> hello
>
> I'm about to "compose" my first ipfw firewall - and, since I have
> worked quite
> a lot with iptables, I'm interesed in a few minor similarities:
>
> 1 - the firewall is called by rc.conf ? or ca I call it at boot time
> via
> whatever *.sh placed in the right place
>
> 2 - the firewall can be a executable bash script (i.e. like a
> regular linux
> firewall, with variables like myIP="192.168.0.0") ?
>
> I guess the rest is covered in the docs I have carefully RTFM :-)
>
> thanks,
>
> petre

-- 
Login: petre                            Name: Petre Bandac
Directory: /home/petre                  Shell: /usr/local/bin/zsh
On since Sun Feb  2 13:56 (EET) on ttyv0, idle 8:51 (messages off)
Last login Sun Feb  2 20:03 (EET) on ttyp0 from ns.rdsbv.ro
No Mail.
No Plan.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Reply via email to