*BSD News Article 57564


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.ysu.edu!ns.mcs.kent.edu!kira.cc.uakron.edu!odin.oar.net!malgudi.oar.net!rclnews.eng.ohio-state.edu!magnus.acs.ohio-state.edu!math.ohio-state.edu!howland.reston.ans.net!newsfeed.internetmci.com!news.msfc.nasa.gov!sol.ctr.columbia.edu!proto.ida.org!proto.ida.org!not-for-mail
From: ardoin@dmsoproto.ida.org (Cy Ardoin)
Newsgroups: comp.unix.admin,alt.os.linux,alt.uu.comp.os.linux.questions,comp.os.linux.advocacy,comp.os.linux.misc,comp.os.linux.setup,comp.unix.bsd.freebsd.misc
Subject: Re: Questions about Linux vs. FreeBSD...
Date: 21 Dec 1995 20:54:35 -0500
Organization: IDA, Alexandria, Virginia
Lines: 36
Message-ID: <4bd34r$aa7@dmsoproto.ida.org>
References: <4ajc07$sb7@unix2.glink.net.hk> <4akmcp$qii@daffy.anetsrvcs.uwrf.edu> <4al9tu$f33@ixnews3.ix.netcom.com> <4alnqo$1hi@clarknet.clark.net> <4am5uq$r24@agate.berkeley.edu> <4aovq8$o3t@atusks02.aut.alcatel.at>
NNTP-Posting-Host: dmsoproto.ida.org
X-Newsreader: TIN [version 1.2 PL2]
Xref: euryale.cc.adfa.oz.au comp.unix.admin:36305 alt.os.linux:6640 alt.uu.comp.os.linux.questions:5253 comp.os.linux.advocacy:31175 comp.os.linux.misc:76951 comp.os.linux.setup:33351 comp.unix.bsd.freebsd.misc:11004

Hum, You should look at the Linux firewall code...  It has
very serious problems prior to 1.3.37/45.  IT LEAKS PACKETS.

Why? Well the code Linux runs was taken from FreeBSD and the
hooks into Linux don't exactly match the hooks in BSD.
  
	Cy


Marino Ladavac (ladavac@aut.alcatel.at) wrote:
: Jordan K. Hubbard (jkh@violet.berkeley.edu) wrote:
: : In article <4alnqo$1hi@clarknet.clark.net>,
: : David Clausen <clau@clark.net> wrote:
: : >I had to make this decision about 2 months ago when it came time for me
: : >to build an Internet firewalling gateway.  I was won over by Linux
: : >because of the fact that it supports kernel-level packet filtering;
: : >which is analogous to what firewalling (packet-filtering) routers do
: : >(but they cost lots of $$$$)!

: : Then you made your decision on wholly erroneous grounds, I'm afraid.

: : FreeBSD also supports kernel packet filtering and accounting.  We've
: : implemented several firewalls with it, including the one here.  Type
: : `man ipfw' on any post-2.0 FreeBSD machine.

: : 					Jordan

: Not only that.  Linux ipfw is Alan Cox's port of Ugen Antsilevich ipfw from
: guess where, FreeBSD.  There was a big article in iX magazine which did,
: however, mention Mr. Antsilevich, but said that the code comes from
: 4.4BSD, without mentioning FreeBSD.  The article was on building firewalls
: using Linux.

: You might want to tell iX what you think about the misinformation.

: /Alby