Looking for ipfw info.
Shaun T. Erickson
ste at ste-land.com
Thu Feb 26 11:08:19 PST 2004
JJB wrote:
> The problem with all those links is that what they write about is
> outdated and complete mis-directs the reader into using IPFW's
> legacy stateless rules when only stateful rules should be used to
> get the max level of protection.
The rules she gives in her second article most certainly describe
creating a stateful firewall.
> They also completely ignore the
> problem ipfw has with stateful rules not working when the
> divert/naded subroutine call is used. IPFW has major legacy
> stateful/NAT bug and ipfilter does not.
Can you provide me with links to information that documents this?
> Ipfilter provides an much
> higher level of protection in an LAN environment than IPFW can ever
> do in it's current state. Even the openbsd pf port is an better
> firewall solution for a firewall with an LAN behind it then IPFW.
Please provide me with links to documentation that objectively compares
them, so that I can weigh the merits of what you say.
> Please don't continue the FBSD's handbook mis-information about IPFW
> being the only FBSD firewall solution or that it's the best
> solution. The handbook is also way behind in it's content being
> current and up to date.
As a new FreeBSD user, there's no way I could possibly know that, now is
there? I simply passed along what I have found to be useful.
I still need to know the answer to my question about what changes I need
to make to my kernel to support a firewall on my server.
-ste
More information about the freebsd-questions
mailing list