Basic FreeBSD firewall and patching questions.
norgaard at math.ku.dk
Thu Oct 20 02:08:28 PDT 2005
On Thu, 20 Oct 2005, Foo Ji-Haw wrote:
> Thanks for the brief breakdown on ipf and ipfilter. But what about ipfw? I
> like the 'auto-swap ruleset' feature, as well as account. Does ipfw do them
> as well? Thanks.
No idea, never used it and I don´t plan to. I'm using pf now, it
does what I need although I miss the two mentioned features, and I
see no reason to change.
I asked on the openbsd list for the ability to have an inactive
ruleset and swap for the very same reasons you want it, and got
"why would you ever want that?", "you can keep a backup in a
file", "why wouldn't you want to have 10 or 100 rulesets?", "you
can check your ruleset with pfctl -n", "it won't load if there are
They didn't get that the checks catches only syntactically
incorrect errors, not those typos that can lock you out while
strictly correct - like 10.0.0.0/2 instead of 10.0.0.0/24.
So don't request it. Same thing for groups.
More information about the freebsd-questions