[nycbug-talk] ipfw, ipf, pf comparison matrix
Isaac Levy
ike at lesmuug.org
Sat Sep 9 17:23:08 EDT 2006
Hi George,
On Sep 9, 2006, at 5:06 PM, George R. wrote:
>> With that, I'm no packet-filter guru, I'd totally love it if folks on
>> list would double-check the features, and re-post it!
>
> Come on Ike, don't give us that. . . *You* aren't a guru to review
> this?
>
> ;-'
Ok- I can comment on *some* things here.
>
> BTW, has anyone used PF on the master jail in FBSD to filter for the
> jails? I know ipfw is the standard way to do packet-filtering with
> jails. . .
>
> g
No- jailed systems have no access to ipfw, or anything else- they are
explicitly restricted from doing so.
One can run packet filters on the host machine; conceptually, making a
jailing host the perimeter firewall is common practice for jailing.
Best,
.ike