Re: FreeBSD - Secure by DEFAULT ?? [hosts.allow]
From: Peter C. Lai (sirmoo_at_cowbert.2y.net)
Date: 08/09/03
- Previous message: Redmond Militante: "problems with ipfilter on 5.1-RELEASE"
- In reply to: Zvezdan Petkovic: "Re: FreeBSD - Secure by DEFAULT ?? [hosts.allow]"
- Next in thread: Zvezdan Petkovic: "Re: FreeBSD - Secure by DEFAULT ?? [hosts.allow]"
- Reply: Zvezdan Petkovic: "Re: FreeBSD - Secure by DEFAULT ?? [hosts.allow]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 8 Aug 2003 18:49:48 -0400 To: freebsd-security@freebsd.org
What are you meaning by "native"? They both exist as part of the base FreeBSD
kernel; so in that sense, both ipf and ipfw are "native" to FreeBSD. I don't
see how this argument is appropriate for choosing one over the other anyway.
On Thu, Aug 07, 2003 at 06:22:55PM -0400, Zvezdan Petkovic wrote:
> On Thu, Aug 07, 2003 at 01:59:27PM -0700, Chris Odell wrote:
> >
> > But why IPFW? IPF is *BSD native wall. I actually use both - IPF for
> > firewalling, and IPFW for throttling via dummy net. My recommended
> > reading for IPF and IPFW is "Building Linux and OpenBSD Firewalls"...
>
> Where did you get this information?
>
> Native firewall for FreeBSD is ipfw, AFAIK. It's even used on OS X as a
> native firewall, due to Darwin's FreeBSD roots.
>
> Also, OpenBSD stopped using ipf four releases ago. The native firewall
> for OpenBSD is pf. pf inherited much of the syntax from ipf, but also
> extended it and added some features.
>
> That said, I personally find ipf quite a good stateful firewall and its
> syntax can feel more natural than ipfw syntax. It also works on Solaris
> and other OS's besides *BSDs.
>
> --
> Zvezdan Petkovic <zvezdan@cs.wm.edu>
> http://www.cs.wm.edu/~zvezdan/
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
-- Peter C. Lai University of Connecticut Dept. of Molecular and Cell Biology Yale University School of Medicine SenseLab | Research Assistant http://cowbert.2y.net/ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Redmond Militante: "problems with ipfilter on 5.1-RELEASE"
- In reply to: Zvezdan Petkovic: "Re: FreeBSD - Secure by DEFAULT ?? [hosts.allow]"
- Next in thread: Zvezdan Petkovic: "Re: FreeBSD - Secure by DEFAULT ?? [hosts.allow]"
- Reply: Zvezdan Petkovic: "Re: FreeBSD - Secure by DEFAULT ?? [hosts.allow]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
