What exactly is ipfilter?

fbsd_user fbsd_user at a1poweruser.com
Fri Dec 5 08:02:17 PST 2003

FBSD comes with two firewall applications built into the base
release: IPFW and IPFILTER. IPFW is an FBSD in-house project which
authored IPFW, so the handbook leads the reader into thinking it's
the only firewall in FBSD. IPFW has just gone through a rewrite and
a bunch of code bloat was added in the form of new rule options
targeted at the professional FBSD user. It still contains the NATD
stateful bug and the stateless and simple stateful rule formats.
These rule formats do not provide the level of firewall security
necessary to protect your private network. I have used both
firewalls and have found that IPFILTER has a cleaner stateful rule
format and in general is much easier to configure. The NAT process
is done outside of the firewall, whereas IPFW performs the NAT
process as a subroutine called from within the filter rules. Go with
IPFILTER, you will be glad you did.

-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Emmanuel
Sent: Friday, December 05, 2003 12:38 AM
To: freebsd-questions at freebsd.org
Subject: What exactly is ipfilter?

I'm looking through rc.conf and the kernel config file for FreeBSD
(recently downloaded it, my last upgrade was 4.5 so I was way
and this is a new install because my old firewall died). I'm used to
using ipfw and natd for my firewall, but now I'm seeing ipfilter,
and ipmon. I've done a google search on all of www.freebsd.org for
ipfilter, but it only seems to show up in release notes, and the
handbook doesn't really talk about it. Since I haven't recompiled my
kernel, should I consider this instead of ipfw and natd? What's the
difference, exactly?

On a related note, I'm not sure what the usefulness of IPDIVERT is
either, so I don't know if I should compile it in the kernel or not.

