At 5:03 PM +0100 2000/1/8, Luigi Rizzo wrote:
> Other reasons for the switch could be the fact that ipf is stateful
> (but i am working on adding state to ipfw, if i find proper support
> - hint, hint), so you can build better things.
I'm moving towards using ipfilter on our Solaris machines,
primarily as a "super TCP-Wrappers" solution for improved host
security, and what I've done so far it looks like the statefulness
will be extremely useful. I really appreciate that ipfilter works on
many different platforms, not just one.
However, if I can get the good features of ipfilter with ipfw
under FreeBSD, I'd consider that to be sufficient reason to consider
using ipfw instead.
--
These are my opinions -- not to be taken as official Skynet policy
____________________________________________________________________
|o| Brad Knowles, <[EMAIL PROTECTED]> Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin Rue Col. Bourg, 124 |o|
|o| Phone/Fax: +32-2-706.11.11/12.49 B-1140 Brussels |o|
|o| http://www.skynet.be Belgium |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
Unix is very user-friendly. It's just picky who its friends are.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
