Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.ysu.edu!ns.mcs.kent.edu!kira.cc.uakron.edu!odin.oar.net!malgudi.oar.net!rclnews.eng.ohio-state.edu!magnus.acs.ohio-state.edu!math.ohio-state.edu!howland.reston.ans.net!newsfeed.internetmci.com!news.msfc.nasa.gov!sol.ctr.columbia.edu!proto.ida.org!proto.ida.org!not-for-mail From: ardoin@dmsoproto.ida.org (Cy Ardoin) Newsgroups: comp.unix.admin,alt.os.linux,alt.uu.comp.os.linux.questions,comp.os.linux.advocacy,comp.os.linux.misc,comp.os.linux.setup,comp.unix.bsd.freebsd.misc Subject: Re: Questions about Linux vs. FreeBSD... Date: 21 Dec 1995 20:54:35 -0500 Organization: IDA, Alexandria, Virginia Lines: 36 Message-ID: <4bd34r$aa7@dmsoproto.ida.org> References: <4ajc07$sb7@unix2.glink.net.hk> <4akmcp$qii@daffy.anetsrvcs.uwrf.edu> <4al9tu$f33@ixnews3.ix.netcom.com> <4alnqo$1hi@clarknet.clark.net> <4am5uq$r24@agate.berkeley.edu> <4aovq8$o3t@atusks02.aut.alcatel.at> NNTP-Posting-Host: dmsoproto.ida.org X-Newsreader: TIN [version 1.2 PL2] Xref: euryale.cc.adfa.oz.au comp.unix.admin:36305 alt.os.linux:6640 alt.uu.comp.os.linux.questions:5253 comp.os.linux.advocacy:31175 comp.os.linux.misc:76951 comp.os.linux.setup:33351 comp.unix.bsd.freebsd.misc:11004 Hum, You should look at the Linux firewall code... It has very serious problems prior to 1.3.37/45. IT LEAKS PACKETS. Why? Well the code Linux runs was taken from FreeBSD and the hooks into Linux don't exactly match the hooks in BSD. Cy Marino Ladavac (ladavac@aut.alcatel.at) wrote: : Jordan K. Hubbard (jkh@violet.berkeley.edu) wrote: : : In article <4alnqo$1hi@clarknet.clark.net>, : : David Clausen <clau@clark.net> wrote: : : >I had to make this decision about 2 months ago when it came time for me : : >to build an Internet firewalling gateway. I was won over by Linux : : >because of the fact that it supports kernel-level packet filtering; : : >which is analogous to what firewalling (packet-filtering) routers do : : >(but they cost lots of $$$$)! : : Then you made your decision on wholly erroneous grounds, I'm afraid. : : FreeBSD also supports kernel packet filtering and accounting. We've : : implemented several firewalls with it, including the one here. Type : : `man ipfw' on any post-2.0 FreeBSD machine. : : Jordan : Not only that. Linux ipfw is Alan Cox's port of Ugen Antsilevich ipfw from : guess where, FreeBSD. There was a big article in iX magazine which did, : however, mention Mr. Antsilevich, but said that the code comes from : 4.4BSD, without mentioning FreeBSD. The article was on building firewalls : using Linux. : You might want to tell iX what you think about the misinformation. : /Alby