Re: [Sheflug] Re: FreeBSD and Linux.

["Chris J/#6" <xxxxx [at] xxxxxxxxxxxx>]

> 
> Yes... IPF does seem to be good stuff.  I've been following several 
> iptables lists for months now and everyone is very confused.  
> 

As the Linux firewall goes through incarnations, the command line syntax 
not only changes, but gets more confusing as well. It also requires 
multiple invocations of iptables/ipchains/ipfwadm to create a firewall.

OpenBSD's approach is just a lot cleaner, and doesn't require multiple 
invocations.

I think:

pass in log quick on ep0 proto tcp from any to any port = 22 flags S keep 
state

is a lot more meaningful than <insert whatever the cryptic 
ipchains/iptables command-line is to do the same>. Yes, you could guess 
with the ipchains/iptables/ipfwadm commandline, but it isn't verbose enough 
for its meaning to be understood immediatly.

Chris...

-- 
\ Chris Johnson           \  "If not for me then, do it for yourself. If not
 \ cej [at] nccnet.co.uk        \  for then do it for the world." -- Stevie Nicks
  \ www.nccnet.co.uk/~cej/  ~-----------------------------------------+
   \ Redclaw chat - http://redclaw.org.uk - telnet redclaw.org.uk 2000 \____


___________________________________________________________________

Sheffield Linux User's Group - http://www.sheflug.co.uk . 
To unsubscribe from this list send mail to 
shef-lug-request@list.sheflug.org.uk with the word
"unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.