RE: What exactly is ipfilter?

From: fbsd_user (fbsd_user_at_a1poweruser.com)
Date: 12/05/03

    To: "Emmanuel Gravel" <mailinglistseg@earthlink.net>, <freebsd-questions@freebsd.org>
    Date: Fri, 5 Dec 2003 10:30:45 -0500
    
    

    FBSD comes with two firewall applications built into the base
    release: IPFW and IPFILTER. IPFW is an FBSD in-house project which
    authored IPFW so the handbook leads the reader into thinking it's
    the only firewall in FBSD. IPFW has just gone through a rewrite and
    a bunch of code bloat was added in the form of new rule options
    targeted at the professional FBSD user. It still contains the NATD
    stateful bug and the stateless and simple stateful rule formats.
    These rule formats do not provide the level of firewall security
    necessary to protect your private network. I have used both
    firewalls and have found that IPFILTER has a cleaner stateful rule
    format and in general is much easier to configure. The NAT process
    is done outside of the firewall, whereas IPFW performs the NAT
    process as a subroutine called from within the filter rules. Go with
    IPFILTER; you will be glad you did.

    -----Original Message-----
    From: owner-freebsd-questions@freebsd.org
    [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Emmanuel
    Gravel
    Sent: Friday, December 05, 2003 12:38 AM
    To: freebsd-questions@freebsd.org
    Subject: What exactly is ipfilter?

    I'm looking through rc.conf and the kernel config file for FreeBSD
    4.9 (recently downloaded it, my last upgrade was 4.5 so I was way
    behind, and this is a new install because my old firewall died).
    I'm used to using ipfw and natd for my firewall, but now I'm seeing
    ipfilter, ipnat and ipmon. I've done a google search on all of
    www.freebsd.org for ipfilter, but it only seems to show up in
    release notes, and the online handbook doesn't really talk about
    it. Since I haven't recompiled my new kernel, should I consider
    this instead of ipfw and natd? What's the difference, exactly?

    On a related note, I'm not sure what the usefulness of IPDIVERT is
    either, so I don't know if I should compile it in the kernel or not.

    Thanks!

    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to
    "freebsd-questions-unsubscribe@freebsd.org"
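
An added illustration, not part of either message above: the same small outbound-only policy written for each firewall, to show where NAT sits in each and what IPDIVERT is for. The interface name `dc0`, the LAN `192.168.1.0/24`, the rule numbers and the file paths are assumed values.

```conf
# ---- IPFILTER: filter rules and NAT rules live in separate files ----
# kernel config:  options IPFILTER
#                 options IPFILTER_LOG
# /etc/rc.conf:   ipfilter_enable="YES"   ipfilter_rules="/etc/ipf.rules"
#                 ipnat_enable="YES"      ipnat_rules="/etc/ipnat.rules"
#                 ipmon_enable="YES"      ipmon_flags="-Ds"   # log to syslog

# /etc/ipf.rules (assumed path): stateful outbound, default block inbound
pass  out quick on dc0 proto tcp from any to any port = 80 flags S keep state
pass  out quick on dc0 proto udp from any to any port = 53 keep state
block out log quick on dc0 all
block in  log quick on dc0 all      # only replies matching state get in

# /etc/ipnat.rules (assumed path): NAT is configured apart from the filter
map dc0 192.168.1.0/24 -> 0/32      # 0/32 = current address of dc0

# ---- IPFW + natd: NAT is invoked by a rule inside the filter list ----
# kernel config:  options IPFIREWALL
#                 options IPDIVERT        # divert sockets, required by natd
# /etc/rc.conf:   firewall_enable="YES"
#                 natd_enable="YES"       natd_interface="dc0"

# ipfw commands for the same policy
ipfw add 100 divert natd all from any to any via dc0   # hand packets to natd
ipfw add 200 check-state
ipfw add 300 allow tcp from any to any 80 out via dc0 setup keep-state
ipfw add 400 allow udp from any to any 53 out via dc0 keep-state
ipfw add 500 deny log all from any to any via dc0
```

With IPFILTER, `ipnat` loads the `map` rule and `ipmon` reads the log device, which is why all three names appear in rc.conf; with IPFW, IPDIVERT is only needed if a `divert` rule such as rule 100 is used.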


