Re: Compiling PF and IPFW in the same kernel
On Tue, 26 Oct 2004 22:46:53 +0100 in lucky.freebsd.questions, Alexandre Vieira wrote: Anyone knows if there is any problem in compiling ipfw and pf in the same kernel? Which one will be turned of by default? Or will they both be turned on? Will the default rule for PF be allow all ? They both will work. Just test it: let ipfw rules and pf rules to log information about packets they catch and check which of them get a packet first. According to netinet/ip_input.c:ip_input function ip_output.c:ip_output function in 5.2.1 first are called PFIL_HOOKed firewalls, then ipfw is called, in CURRENT it seems that all firewalls will use PFIL_HOOK. In 5.x, see net/pfil.c:pfil_list_add function, last several lines which add firewall hook to the incoming or the outgoing list will explain which of PFIL_HOOKed firewalls will be called first for incoming and outgoing directions. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Compiling PF and IPFW in the same kernel
Hello, Anyone knows if there is any problem in compiling ipfw and pf in the same kernel? Which one will be turned of by default? Or will they both be turned on? Will the default rule for PF be allow all ? Sorry for the mass questioning! thanks for your time :) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Compiling PF and IPFW in the same kernel
On Tue, Oct 26, 2004 at 10:46:53PM +0100, Alexandre Vieira wrote: Hello, Anyone knows if there is any problem in compiling ipfw and pf in the same kernel? Which one will be turned off by default? Or will they both be turned on? Useing two different firewall doesn't cause a problem. I've used ipfw and ipf (different from pf, i think) combined. This never caused any problem. I feel its unlikly if it would cause a problem in this case. -- Alex Please copy the original recipients, otherwise I may not read your reply. WWW: http://www.kruijff.org/alex/FreeBSD/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
