On 2006-10-18 15:10, John Levine <[EMAIL PROTECTED]> wrote:
> I'm putting together a freebsd router to sit between my LAN and a T1.
> The current router (still running BSD/OS) uses BSDI's ipfw, but that
> died when BSDI did. It's about as simple a routing job as one could
> ask, a T1 with a static address to a LAN with a static /24.
>
> I have a whole bunch of packet filtering rules on the current router
> to keep out nasty stuff based partly on port numbers but also a couple
> of hundred IP ranges from the SBL and elsewhere. I have enough IP
> addresses that I do not need to NAT.
>
> What are the relative merits of freebsd's ipf and ipfw? It looks like
> either can do the filtering I need to do. Any reason to choose one
> over the other?

For what it's worth, IPFW is also available on FreeBSD. I don't know
how different the BSDI version of IPFW was, but it may be easier to use
FreeBSD's IPFW -- at least at first. If reducing the pain of a
transition from BSD/OS to FreeBSD is a worthy goal, I would recommend
IPFW :)

> While I'm at it, should I turn on netgraph or just use the regular
> network stuff?

Not necessarily. Do you really need it?