Dinesh Nair wrote:
by default the flow is:
wire -> ipnat -> ipfilter -> ipfw -> kernel -> ipfilter -> ipnat ->ipfw
the patch in the above PR changes it to:
wire -> ipnat -> ipfilter -> ipfw -> kernel -> ipfw -> ipfilter -> ipnat
Interesting! Thanks for all the great info guys.
I don't really need t
On Thu, 29 Jul 2004, Jeremie Le Hen wrote:
> Hello Charlie,
>
> > I'm running ipf because I like it ...but now I need to use ipfw's pipe
> > feature. I was thinking that I could just run both, and keep all my
> > rules in ipf, then in ipfw: limit bandwidth for a few vlans, then allow all.
> >
> >
Hi all,
I was wondering for some time in a while.. How is the performance difference in
general between IPFW2 and PF in stateless rules? I know performance really is
hard to tell and depends on your environment. Are they just about the same
since stateless rules are going at linear rate of O(N) o
On Thu, Jul 29, 2004 at 01:23:52AM +0200, Jeremie Le Hen wrote:
> AFAIK, ipf takes precedence on ipfw for incoming packets on -STABLE,
> and this is of course symmetric for outgoing ones.
No, outgoing packets are passed through ipf/ipnat before they reach
ipfw (at least in STABLE, PR kern/46564).
On Thursday 29 July 2004 09:25, Andrew Riabtsev wrote:
> Hello Max,
>
> Thursday, July 29, 2004, 1:46:06 AM, you wrote:
>
> ML> Another alternative (on FreeBSD-current) would be pf+ALTQ, btw ;)
> Is there any chance to see one day pf for 4.X-RELEASE? I'm still
> thinking pf is the best firewall eve
Hi,
We're actually planning to migrate to PF instead of IPF+IPFW to meet
these needs.
IPFW from what I've gathered over the past few years is the traditional
FreeBSD way of handling firewalls, nat and bandwidth limiting.
We found IPFW a little complex to use, granted very powerful.
We ended up
Hello Charlie,
> I'm running ipf because I like it ...but now I need to use ipfw's pipe
> feature. I was thinking that I could just run both, and keep all my
> rules in ipf, then in ipfw: limit bandwidth for a few vlans, then allow all.
>
> It didn't work (no rate-limiting happened).. and I'm
Hello Charlie,
Thursday, July 29, 2004, 1:23:33 AM, you wrote:
CS> So, what is the order, if I'm running ipf AND ipfw at the same time?
CS> Will it work at all in this manner?
Load both firewalls as modules, then you can be sure packets goes
first through firewall you load first. And yes, this sh
On Wednesday 28 July 2004 23:23, Charlie Schluting wrote:
> Hello..
>
> I'm running ipf because I like it ...but now I need to use ipfw's pipe
> feature. I was thinking that I could just run both, and keep all my
> rules in ipf, then in ipfw: limit bandwidth for a few vlans, then allow
> all.
>
> I
