[nycbug-talk] ipfw, ipf, pf comparison matrix
ike at lesmuug.org
Sat Sep 9 17:23:08 EDT 2006
On Sep 9, 2006, at 5:06 PM, George R. wrote:
>> With that, I'm no packet-filter guru, I'd totally love it if folks on
>> list would double-check the features, and re-post it!
> Come on Ike, don't give us that. . . *You* aren't a guru to review
Ok- I can comment on *some* things here.
> BTW, has anyone used PF on the master jail in FBSD to filter for the
> jails? I know ipfw is the standard way to do packet-filtering with
> jails. . .
No- jailed systems have no access to ipfw, or anything else- they are
explicitly restricted from doing so.
One can run packet filters on the host machine; conceptually, making a
jailing host the perimeter firewall is common practice for jailing.