Hello, I don't know much about this so here is the question.
Is it possible to install firewall ipfw on a linux (kernel 2.4.27) version.
I have been advised to install this firewall.
Can I do that?
Will I have to uninstall iptables ?

Thanks, Xround

IPFW was 1st Generation Alan Cox's port of BSD UNIX's ipfw firewall to Linux 1.1 kernel.

You don't need to install this on Linux we have iptables - 4th Generation ~ Rusty Russel and others implemented a modular packet filter/mangler firewallLinux 2.4/2.6 kernels use this and you don't need to use ipfw on linux.

ipfw == BSD firewall
iptables == Linux firewall

Thank you for your answer. I was on holiday so I did not read much on internet since a week.

The reason for the question of installing ipfw on linux, is that I have problems with iptables, concerning large list to ban. Iptables is long to load large lists (I have around 10000 adress to be banned, and doing a ip-restore with iptables uses 7 or 8 hours ! ) and cause some problems with network ( restarting network service freezes or stops or is too long while lo "restart" ).

The advise come from a guy that may ban these address via ipfw and that has not these problems. Has anyone heard about this ?

Thanks, xround.

Couldn't you use an iptables firewall to protect your computer and a proxy server to block the 10000 sites?

Also, the (likely) reason it's taking so long is because of DNS lookups. Are you DENYing sites by IP or name? If you're doing it by name, that's the problem.

okmyx is correct though. Setting a list of sites that your users are not allowed to connect to with iptables isn't the worst possible way to do it, but it's close... Investigate squid or something similar.

once i did the same thing with packet filter.
my table was storing many addresses in domain name form, it also used to took an hour whenever i reload them.

I don't use dns name, only ip addresses? However, I thought ipfw was ok to manage large ip list. I will try with a proxy.
Thanks, xround.