Re: What exactly is ipfilter?
On Thu, Dec 04, 2003 at 10:38:16PM -0700, Emmanuel Gravel wrote:
> I'm looking through rc.conf and the kernel config file for FreeBSD 4.9
> (recently downloaded it, my last upgrade was 4.5 so I was way behind,
> and this is a new install because my old firewall died). I'm used to
> using ipfw and natd for my firewall, but now I'm seeing ipfilter, ipnat
> and ipmon. I've done a google search on all of www.freebsd.org for
> ipfilter, but it only seems to show up in release notes, and the online
> handbook doesn't really talk about it. Since I haven't recompiled my new
> kernel, should I consider this instead of ipfw and natd? What's the
> difference, exactly?

ipfilter is just another firewall implementation, which you can use instead of ipfw/natd if you wish. The difference is mainly that it is different. The configuration and implementation are completely different, but the functionality is more or less the same.

Use whichever one of ipfw/ipfilter that you wish, but if you already are familiar with ipfw/natd you might as well stick with it, unless you have some specific reason to switch.

Since ipfilter isn't FreeBSD-specific, you should probably not confine your web searches for information on it to freebsd.org.

>
> On a related note, I'm not sure what the usefulness of IPDIVERT is
> either, so I don't know if I should compile it in the kernel or not.

It is needed for natd to work, so if you are using natd you need IPDIVERT in your kernel.

--
Erik Trulsson
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
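
The dependency stated in the reply above (natd needs IPDIVERT compiled into the kernel) can be checked before a kernel rebuild. The script below is an added example, not part of the thread; the kernel config name MYKERNEL, the function names and the sample files are constructed for illustration, and `natd_enable` is the standard rc.conf variable.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that a kernel config file
# contains "options IPDIVERT" whenever rc.conf enables natd.

# has_option KERNCONF NAME: true if an uncommented "options NAME" line exists.
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]#]|\$)" "$1"
}

# rc_yes RCCONF VAR: true if the last assignment of VAR in rc.conf is YES
# (rc.conf is sourced by sh, so a later assignment overrides an earlier one).
rc_yes() {
    grep -E "^[[:space:]]*$2=" "$1" | tail -n 1 |
        grep -Eiq "=[\"']?yes[\"']?([[:space:]#]|\$)"
}

# natd_divert_status KERNCONF RCCONF: prints one of
#   natd-disabled | ok | missing-IPDIVERT
natd_divert_status() {
    if ! rc_yes "$2" natd_enable; then
        echo "natd-disabled"
    elif has_option "$1" IPDIVERT; then
        echo "ok"
    else
        echo "missing-IPDIVERT"
    fi
}

# Constructed sample files for the demonstration (hypothetical kernel name).
demo_dir=$(mktemp -d)
cat > "$demo_dir/MYKERNEL" <<'EOF'
options   IPFIREWALL    # ipfw
#options  IPDIVERT      # commented out, so natd cannot work
EOF
cat > "$demo_dir/rc.conf" <<'EOF'
firewall_enable="YES"
natd_enable="YES"
EOF
echo "sample config: $(natd_divert_status "$demo_dir/MYKERNEL" "$demo_dir/rc.conf")"
rm -rf "$demo_dir"
```

Against a real system, pass the kernel config file and /etc/rc.conf as the two arguments to `natd_divert_status`.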
RE: What exactly is ipfilter?
FBSD comes with two firewall applications built into the base release: IPFW and IPFILTER. IPFW is an FBSD in-house project which authored IPFW, so the handbook leads the reader into thinking it's the only firewall in FBSD. IPFW has just gone through a rewrite and a bunch of code bloat was added in the form of new rule options targeted at the professional FBSD user. It still contains the NATD stateful bug and the stateless and simple stateful rule formats. These rule formats do not provide the level of firewall security necessary to protect your private network.

I have used both firewalls and have found that IPFILTER has a cleaner stateful rule format and in general is much easier to configure. The NAT process is done outside of the firewall, whereas IPFW performs the NAT process as a subroutine called from within the filter rules.

Go with IPFILTER; you will be glad you did.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Emmanuel Gravel
Sent: Friday, December 05, 2003 12:38 AM
To: [EMAIL PROTECTED]
Subject: What exactly is ipfilter?

I'm looking through rc.conf and the kernel config file for FreeBSD 4.9 (recently downloaded it, my last upgrade was 4.5 so I was way behind, and this is a new install because my old firewall died). I'm used to using ipfw and natd for my firewall, but now I'm seeing ipfilter, ipnat and ipmon. I've done a google search on all of www.freebsd.org for ipfilter, but it only seems to show up in release notes, and the online handbook doesn't really talk about it. Since I haven't recompiled my new kernel, should I consider this instead of ipfw and natd? What's the difference, exactly?

On a related note, I'm not sure what the usefulness of IPDIVERT is either, so I don't know if I should compile it in the kernel or not.

Thanks!
Re: What exactly is ipfilter?
On Thu, 4 Dec 2003, Emmanuel Gravel wrote:
> I'm looking through rc.conf and the kernel config file for FreeBSD 4.9
> (recently downloaded it, my last upgrade was 4.5 so I was way behind,
> and this is a new install because my old firewall died). I'm used to
> using ipfw and natd for my firewall, but now I'm seeing ipfilter, ipnat
> and ipmon. I've done a google search on all of www.freebsd.org for
> ipfilter, but it only seems to show up in release notes, and the online
> handbook doesn't really talk about it. Since I haven't recompiled my new
> kernel, should I consider this instead of ipfw and natd? What's the
> difference, exactly?
>
> On a related note, I'm not sure what the usefulness of IPDIVERT is
> either, so I don't know if I should compile it in the kernel or not.

I'm currently using ipf and ipnat for firewall. You can check this URL for ipf:
http://www.obfuscation.org/ipf/ipf-howto.html#TOC_5

---
Dwi Suharto
System Engineer and Computer Network Technical Support
STMIK AKAKOM Yogyakarta
Phone: +62-274-486664 ext. 192
Mobile: +62-8562836982
http://get.bounceme.net/
What exactly is ipfilter?
I'm looking through rc.conf and the kernel config file for FreeBSD 4.9 (recently downloaded it, my last upgrade was 4.5 so I was way behind, and this is a new install because my old firewall died). I'm used to using ipfw and natd for my firewall, but now I'm seeing ipfilter, ipnat and ipmon. I've done a google search on all of www.freebsd.org for ipfilter, but it only seems to show up in release notes, and the online handbook doesn't really talk about it. Since I haven't recompiled my new kernel, should I consider this instead of ipfw and natd? What's the difference, exactly?

On a related note, I'm not sure what the usefulness of IPDIVERT is either, so I don't know if I should compile it in the kernel or not.

Thanks!