Multiple firewalls
Cristian KLEIN
cristi at net.utcluj.ro
Wed Oct 25 23:56:34 UTC 2006
Max Laier wrote:
> On Wednesday 25 October 2006 01:20, Cristian KLEIN wrote:
>> Hi everybody,
>>
>> Please review the following article:
>> http://cristiklein.c7obs.net/public/doc/en_US.ISO8859-1/books/handbook/
>> firewalls-multi.html
>
> "Note: At the time of this writing, using IPFW and PF is not recommended."
>
> Where do you get such information? I know of several successful
> installations doing things like divert for L7 filtering in ipfw
> and "normal" firewalling in pf. Also note, that in order to use ipfw's
> ALTQ pf (eventhough one w/o a filtering ruleset) is required.
You are right. That info must date from the time I had haluciantions. I
have done more testing and found no problem.
I have switched from IPFW+IPNAT to IPFW+IPNAT+PF to IPFW+PF. All worked
as expected. I must say I like IPFW+PF more, because it makes passive
FTP easy, even if a very restrictive firewall is desired.
My appologies for misinforming the community. Seems that I have to write
another section called IPFW+PF. :)
More information about the freebsd-doc
mailing list