Yes, SPI stands for Statefull Packet Inspection. Wasn't aware IPFW was a SPI Firewall, always thought IPFilter was much better. I used to run iptables on Linux and tried IPFilter (which is very good imho). IPFW pages aren't that explicit or I didn't looked at the right place.
Any of you can point me some nice pages to learn more about it ? Regards -----Message d'origine----- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] De la part de Daniel C. Sobral Envoyé : lundi 10 février 2003 13:46 À : Coercitas Temet'Nosce Cc : 'Don'; [EMAIL PROTECTED] Objet : Re: RE : IPFilter Coercitas Temet'Nosce wrote: > Pardon my poor knowledge about IPFW 2 but if I remember well, IPFW > wasn't a SPI Firewall, which is what I need. Btw, previous Kernel allows > us to fine tune its building for IPF and now, it simply gone...was > really wondering where those features are. What, exactly, is a 'SPI' firewall? If you mean stateful firewall, you haven't looking into ipfw for at least five years (making your remark obsolete, not ipfw :). The only thing I couldn't do with the old ipfw was atomic replacement of rules. With ipfw2 I can do that. ipfw2 is default on 5.0 and can be turned on on 4.7 (options IPFW2 on kernel and WITH_IPFW2, iirc, on make.conf). The '2' is the version, the binary, man pages etc still have all the same names. > > Is there any web place where I can find stuff about IPFW2 by chance ? > > regards > > -----Message d'origine----- > De : [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] De la part de Don > Envoyé : dimanche 9 février 2003 19:47 > À : Coercitas Temet'Nosce > Cc : [EMAIL PROTECTED] > Objet : Re: TR : IPFilter > > >>Btw, I was looking for some docs on the FreeBSD website and didn't > > found > >>anything interesting, only firewall that FreeBSD seems to support >>nowadays >>is the old IPFW, which is quite obsolete now imo. Why are > > documentation > >>pages not dealing with IPF at all ? is there any reason ? > > Try ipfw2 > > -Don > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-current" in the body of the message > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-current" in the body of the message -- Daniel C. Sobral (8-DCS) Gerencia de Operacoes Divisao de Comunicacao de Dados Coordenacao de Seguranca TCO Fones: 55-61-313-7654/Cel: 55-61-9618-0904 E-mail: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Outros: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] The past always looks better than it was. It's only pleasant because it isn't here. -- Finley Peter Dunne (Mr. Dooley) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
