Re: [Sheflug] Re: FreeBSD and Linux.
>
> Yes... IPF does seem to be good stuff. I've been following several
> iptables lists for months now and everyone is very confused.
>
As the Linux firewall goes through incarnations, the command line syntax
not only changes, but gets more confusing as well. It also requires
multiple invocations of iptables/ipchains/ipfwadm to create a firewall.
OpenBSD's approach is just a lot cleaner, and doesn't require multiple
invocations.
I think:
    pass in log quick on ep0 proto tcp from any to any port = 22 flags S keep state
is a lot more meaningful than <insert whatever the cryptic
ipchains/iptables command-line is to do the same>. Yes, you could guess
with the ipchains/iptables/ipfwadm commandline, but it isn't verbose enough
for its meaning to be understood immediately.
Chris...
--
\ Chris Johnson \ "If not for me then, do it for yourself. If not
\ cej [at] nccnet.co.uk \ for then do it for the world." -- Stevie Nicks
\ www.nccnet.co.uk/~cej/ ~-----------------------------------------+
\ Redclaw chat - http://redclaw.org.uk - telnet redclaw.org.uk 2000 \____
___________________________________________________________________
Sheffield Linux User's Group - http://www.sheflug.co.uk .
To unsubscribe from this list send mail to
shef-lug-request@list.sheflug.org.uk with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.
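
Added example, not part of the original message or the list archive: a Python sketch that parses a small subset of IPF rule syntax and prints approximate iptables equivalents for the rule quoted in the message. Assumptions: the function name `ipf_to_iptables` is hypothetical, the BSD interface name `ep0` is carried over verbatim, `in` is mapped to the INPUT chain only, and `--syn` only approximates IPF's `flags S`.

```python
def ipf_to_iptables(rule):
    """Translate one IPF rule (small subset) into approximate iptables commands."""
    t = rule.split()
    if len(t) < 2 or t[0] not in ("pass", "block") or t[1] not in ("in", "out"):
        raise ValueError("unsupported rule: " + rule)
    # IPF is last-match unless 'quick'; iptables stops at the first ACCEPT/DROP,
    # so only 'quick' rules map one-to-one.
    if "quick" not in t:
        raise ValueError("only 'quick' rules are translated")
    inbound = t[1] == "in"
    match = ["-A", "INPUT" if inbound else "OUTPUT"]
    log = state = False
    i = 2
    while i < len(t):
        word, args = t[i], t[i + 1:]
        if word in ("quick", "log"):
            log = log or word == "log"
            i += 1
        elif word in ("on", "proto") and args:
            flag = "-p" if word == "proto" else ("-i" if inbound else "-o")
            match += [flag, args[0]]
            i += 2
        elif word in ("from", "to") and args:
            src = word == "from"
            if args[0] != "any":
                match += ["-s" if src else "-d", args[0]]
            i += 2
            if t[i:i + 2] == ["port", "="] and len(t) > i + 2:
                match += ["--sport" if src else "--dport", t[i + 2]]
                i += 3
        elif t[i:i + 2] == ["flags", "S"]:
            match.append("--syn")  # approximation of IPF's 'flags S'
            i += 2
        elif t[i:i + 2] == ["keep", "state"]:
            state = True
            i += 2
        else:
            raise ValueError("unsupported token: " + word)
    if state:
        match += ["-m", "state", "--state", "NEW"]
    cmds = [match + ["-j", "LOG"]] if log else []  # LOG does not end traversal
    cmds.append(match + ["-j", "ACCEPT" if t[0] == "pass" else "DROP"])
    if state and t[0] == "pass":  # 'keep state' admits the rest of the connection
        for chain in ("INPUT", "OUTPUT"):
            cmds.append(["-A", chain, "-m", "state", "--state", "ESTABLISHED", "-j", "ACCEPT"])
    return ["iptables " + " ".join(c) for c in cmds]

# The rule from the message above.
RULE = "pass in log quick on ep0 proto tcp from any to any port = 22 flags S keep state"
```

Calling `ipf_to_iptables(RULE)` returns four iptables commands for the single IPF line: a LOG rule, an ACCEPT rule for the new connection, and one ESTABLISHED rule each for INPUT and OUTPUT.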