On Tue, 26 Oct 2004 22:46:53 +0100 in lucky.freebsd.questions, Alexandre Vieira wrote:
> Does anyone know if there is any problem in compiling ipfw and pf in the
> same kernel?
> Which one will be turned off by default? Or will they both be turned on?
> Will the default rule for PF be allow all?
>

They both will work. Just test it: let the ipfw rules and pf rules log information about the packets they catch, and check which of them gets a packet first.

According to the netinet/ip_input.c:ip_input and ip_output.c:ip_output functions, in 5.2.1 the PFIL_HOOKed firewalls are called first, then ipfw is called; in CURRENT it seems that all firewalls will use PFIL_HOOK.

In 5.x, see the net/pfil.c:pfil_list_add function; its last several lines, which add the firewall hook to the incoming or the outgoing list, will explain which of the PFIL_HOOKed firewalls will be called first for the incoming and outgoing directions.
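As an added illustration (not part of the original message and not FreeBSD source), this user-space C model reproduces the insertion rule at the end of pfil_list_add: a hook goes to the head of the incoming list and to the tail of the outgoing list, so the two directions traverse the filters in opposite order. The names `model_list_add`, `call_order`, `setup_model`, `filter_A` and `filter_B` are hypothetical, and the registration order of the two filters is an assumption.

```c
#include <stdio.h>
#include <string.h>
#include <sys/queue.h>
enum dir { DIR_IN, DIR_OUT };            /* stand-ins for PFIL_IN / PFIL_OUT */
struct hook { const char *name; TAILQ_ENTRY(hook) link; };
TAILQ_HEAD(hook_list, hook);
static struct hook_list in_list = TAILQ_HEAD_INITIALIZER(in_list);
static struct hook_list out_list = TAILQ_HEAD_INITIALIZER(out_list);

/* Reject duplicates, then insert: head for input, tail for output. */
static int model_list_add(struct hook_list *list, struct hook *h, enum dir d)
{
    struct hook *cur;
    TAILQ_FOREACH(cur, list, link)
        if (strcmp(cur->name, h->name) == 0)
            return -1;
    if (d == DIR_IN)
        TAILQ_INSERT_HEAD(list, h, link);
    else
        TAILQ_INSERT_TAIL(list, h, link);
    return 0;
}

/* Name of the hook called at position pos, or NULL past the end. */
static const char *call_order(struct hook_list *list, int pos)
{
    struct hook *cur;
    TAILQ_FOREACH(cur, list, link)
        if (pos-- == 0)
            return cur->name;
    return NULL;
}

static void setup_model(void)
{
    static struct hook a_in = { .name = "filter_A" }, a_out = { .name = "filter_A" };
    static struct hook b_in = { .name = "filter_B" }, b_out = { .name = "filter_B" };
    model_list_add(&in_list, &a_in, DIR_IN);     /* filter_A registers first */
    model_list_add(&out_list, &a_out, DIR_OUT);
    model_list_add(&in_list, &b_in, DIR_IN);     /* filter_B registers second */
    model_list_add(&out_list, &b_out, DIR_OUT);
}

int main(void)
{
    setup_model();
    printf("in:  %s, %s\n", call_order(&in_list, 0), call_order(&in_list, 1));
    printf("out: %s, %s\n", call_order(&out_list, 0), call_order(&out_list, 1));
}
```

In this model the filter that registered last sees inbound packets first and outbound packets last, which is why the logging test suggested in the reply should be checked separately for each direction.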