Converting from IPFW to IPFILTER

Brian E. Conklin bconklin at masongeneral.com
Mon Oct 10 08:18:32 PDT 2005


> -----Original Message-----
> From: Mark Cullen [mailto:mark.r.cullen at gmail.com] 
> Sent: Friday, October 07, 2005 2:59 AM
> To: Charles Swiger
> Cc: Brian E. Conklin; freebsd-questions at freebsd.org
> Subject: Re: Converting from IPFW to IPFILTER
> 
> 
> Charles Swiger wrote:
> > On Oct 6, 2005, at 5:44 PM, Brian E. Conklin wrote:
> > 
> >>     I am getting ready to switch a FreeBSD 4.11 machine from IPFW to
> >> IPFILTER for better FTP and NAT support.
> > 
> > 
> > Hmm.  Is there something natd doesn't handle for your case...?
> > 
> >>     I currently have IPFW compiled into the kernel.
> >>     Do I need to recompile a kernel without IPFW before I can enable
> >> IPF?
> >>     Can I just set IPFW to allow everything by default?
> >>     Thanks in advance for your advice.
> > 
> 
> You can have IPFW and IPF active at the same time, yes.
> 

So I am assuming because IPFW is built into the kernel with a "default to
deny" option, I will need an IPFW rule allowing everything? Or, can I change
my rc.conf to have IPFIREWALL_ENABLE="NO"?

> > 
> > If you're going to switch to using IPF, you might want to consider
> > upgrading or reinstalling the OS to 5.4 instead of 4.11.
> > 
> 
> Are there any particular reasons why you suggest switching from 4.11 to
> 5.4 if going from IPFW to IPF? Because I have just converted from IPFW2
> to IPF on 4.11-STABLE...
> 
> I did notice that IPF appears to be a rather old version. 3.something,
> where the latest version of IPF is 4.something. Is this the reason?
> 
=================================== 

Mason General Hospital 
901 Mt. View Drive 
PO Box 1668 
Shelton, WA 98584 
http://www.masongeneral.com 
(360) 426-1611 
=================================== 
 


