Looking for ipfw info.

Shaun T. Erickson ste at ste-land.com
Thu Feb 26 11:08:19 PST 2004

JJB wrote:

> The problem with all those links is that what they write about is
> outdated and completely misdirects the reader into using IPFW's
> legacy stateless rules when only stateful rules should be used to
> get the max level of protection.

The rules she gives in her second article most certainly describe 
creating a stateful firewall.

> They also completely ignore the
> problem ipfw has with stateful rules not working when the
> divert/natd subroutine call is used. IPFW has a major legacy
> stateful/NAT bug and ipfilter does not.

Can you provide me with links to information that documents this?

> Ipfilter provides a much
> higher level of protection in a LAN environment than IPFW can ever
> do in its current state. Even the openbsd pf port is a better
> firewall solution for a firewall with a LAN behind it than IPFW.

Please provide me with links to documentation that objectively compares 
them, so that I can weigh the merits of what you say.

> Please don't continue the FBSD's handbook misinformation about IPFW
> being the only FBSD firewall solution or that it's the best
> solution. The handbook is also way behind in its content being
> current and up to date.

As a new FreeBSD user, there's no way I could possibly know that, now is 
there? I simply passed along what I have found to be useful.

I still need to know the answer to my question about what changes I need 
to make to my kernel to support a firewall on my server.


