Basic FreeBSD firewall and patching questions.
Erik Norgaard
norgaard at math.ku.dk
Thu Oct 20 02:08:28 PDT 2005
On Thu, 20 Oct 2005, Foo Ji-Haw wrote:
> Thanks for the brief breakdown on ipf and ipfilter. But what about ipfw? I
> like the 'auto-swap ruleset' feature, as well as account. Does ipfw do them
> as well? Thanks.
No idea, never used it and I don't plan to. I'm using pf now, it
does what I need although I miss the two mentioned features, and I
see no reason to change.
I asked on the openbsd list for the ability to have an inactive
ruleset and swap for the very same reasons you want it, and got
flamed:
"why would you ever want that?", "you can keep a backup in a
file", "why wouldn't you want to have 10 or 100 rulesets?", "you
can check your ruleset with pfctl -n", "it won't load if there are
errors".
They didn't get that the checks catch only syntactically
incorrect errors, not those typos that can lock you out while
strictly correct - like 10.0.0.0/2 instead of 10.0.0.0/24.
So don't request it. Same thing for groups.
Cheers, Erik
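
An added example, not part of the original message: a small pre-load lint for the kind of typo described above, where a prefix length such as /2 in place of /24 parses cleanly but matches far more than intended. The sample ruleset, the function name `lint_ruleset` and the two heuristics (host bits set; a private address whose mask reaches outside its RFC 1918 block) are assumptions made for illustration.

```python
import ipaddress
import re

# Private (RFC 1918) blocks; a rule address that starts inside one but whose
# mask reaches outside it is almost certainly a prefix-length typo.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CIDR_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})\b")

def lint_ruleset(text):
    """Return (line_no, cidr, reason) for suspicious IPv4 CIDR literals."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        rule = line.split("#", 1)[0]          # ignore trailing comments
        for addr, plen in CIDR_RE.findall(rule):
            cidr = f"{addr}/{plen}"
            try:
                net = ipaddress.ip_network(cidr, strict=False)
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append((line_no, cidr, "not a valid IPv4 network"))
                continue
            # 10.0.0.0/2 really means 0.0.0.0/2: the written address is not
            # the network address, so the mask is shorter than the author thought.
            if ip != net.network_address:
                findings.append((line_no, cidr,
                                 f"host bits set, mask really covers {net}"))
            home = next((b for b in RFC1918 if ip in b), None)
            if home is not None and not net.subnet_of(home):
                findings.append((line_no, cidr,
                                 f"private address but mask reaches outside {home}"))
    return findings

# Constructed sample ruleset (not from the original message).
SAMPLE = """\
block in all
pass in on em0 proto tcp from 10.0.0.0/24 to any port 22   # intended
block in quick from 10.0.0.0/2 to any                       # typo: /2 for /24
pass out all keep state
"""

if __name__ == "__main__":
    for line_no, cidr, reason in lint_ruleset(SAMPLE):
        print(f"line {line_no}: {cidr}: {reason}")
```

Run against a candidate ruleset file before loading it, this complements the syntax-only check of `pfctl -n`; it does not replace reviewing the rules themselves.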