Basic FreeBSD firewall and patching questions.

Thu Oct 20 02:08:28 PDT 2005

On Thu, 20 Oct 2005, Foo Ji-Haw wrote:

> Thanks for the brief breakdown on ipf and ipfilter. But what about ipfw? I
> like the 'auto-swap ruleset' feature, as well as account. Does ipfw do them
> as well? Thanks.

No idea, never used it and I don´t plan to. I'm using pf now, it 
does what I need although I miss the two mentioned features, and I 
see no reason to change.

I asked on the openbsd list for the ability to have an inactive 
ruleset and swap for the very same reasons you want it, and got 

"why would you ever want that?", "you can keep a backup in a 
file", "why wouldn't you want to have 10 or 100 rulesets?", "you 
can check your ruleset with pfctl -n", "it won't load if there are 

They didn't get that the checks catches only syntactically 
incorrect errors, not those typos that can lock you out while 
strictly correct - like instead of

So don't request it. Same thing for groups.

Cheers, Erik

