Re: ipfw vs. ipf on a freebsd router
- From: Giorgos Keramidas <keramida@xxxxxxxxxxxxxxx>
- Date: Wed, 18 Oct 2006 18:25:37 +0300
On 2006-10-18 15:10, John Levine <johnl@xxxxxxxx> wrote:
I'm putting together a freebsd router to sit between my LAN and a T1.
The current router (still running BSD/OS) uses BSDI's ipfw, but that
died when BSDI did. It's about as simple a routing job as one could
ask, a T1 with a static address to a LAN with a static /24.
I have a whole bunch of packet filtering rules on the current router
to keep out nasty stuff based partly on port numbers but also a couple
of hundred IP ranges from the SBL and elsewhere. I have enough IP
addresses that I do not need to NAT.
What are the relative merits of freebsd's ipf and ipfw? It looks like
either can do the filtering I need to do. Any reason to choose one
over the other?
For what it's worth, IPFW is also available on FreeBSD.
I don't know how different the BSDi version of IPFW was, but it may be
easier to use FreeBSD's IPFW -- at least at first.
If reducing the pain of a transition from BSD/OS to FreeBSD is a worthy
goal, I would recommend IPFW :)
While I'm at it, should I turn on netgraph or just use the regular
network stuff?
Not necessarily. Do you really need it?
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
- References:
- ipfw vs. ipf on a freebsd router
- From: John Levine
- ipfw vs. ipf on a freebsd router
- Prev by Date: Re: Routing with external interface doesn't work after a while
- Next by Date: RE: Routing with external interface doesn't work after a while
- Previous by thread: Re: ipfw vs. ipf on a freebsd router
- Index(es):
Relevant Pages
|
