Hello, I don't know much about this so here is the question.
Is it possible to install the ipfw firewall on a Linux (kernel 2.4.27) version?
I have been advised to install this firewall.
Can I do that?
Will I have to uninstall iptables?
IPFW was 1st generation: Alan Cox's port of BSD UNIX's ipfw firewall to the Linux 1.1 kernel.
You don't need to install this on Linux; we have iptables - 4th generation ~ Rusty Russell and others implemented a modular packet filter/mangler firewall. Linux 2.4/2.6 kernels use this and you don't need to use ipfw on Linux.
Thank you for your answer. I was on holiday so I have not read much on the internet for a week.
The reason for the question about installing ipfw on Linux is that I have problems with iptables concerning a large list to ban. Iptables takes a long time to load large lists (I have around 10000 addresses to be banned, and doing an ip-restore with iptables takes 7 or 8 hours!) and causes some problems with the network (restarting the network service freezes or stops or is too long while lo "restart").
The advice comes from a guy who may ban these addresses via ipfw and who does not have these problems. Has anyone heard about this?
Also, the (likely) reason it's taking so long is because of DNS lookups. Are you DENYing sites by IP or name? If you're doing it by name, that's the problem.
okmyx is correct though. Setting a list of sites that your users are not allowed to connect to with iptables isn't the worst possible way to do it, but it's close... Investigate squid or something similar.
Once I did the same thing with packet filter.
My table was storing many addresses in domain name form; it also used to take an hour whenever I reloaded them.
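The two replies above both point at ban-list entries written as names rather than numeric addresses. As an added example (not code from any poster in this thread), the Python sketch below separates numeric entries from anything that would need a DNS lookup, merges adjacent and duplicate addresses, and emits input in iptables-restore format. The chain name `BANLIST` and the sample list are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample ban list (documentation address ranges, example hostname).
SAMPLE_BANLIST = """\
# weekly import
192.0.2.10
192.0.2.11
198.51.100.0/25
198.51.100.128/25
badhost.example.com
203.0.113.7
203.0.113.7
not an address
"""

def split_banlist(text):
    """Return (networks, rejected): numeric entries vs. entries that are
    hostnames or garbage and would force a DNS lookup or a load error."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    return networks, rejected

def build_restore_input(networks, chain="BANLIST"):
    """Build iptables-restore input for a dedicated chain (name is assumed).
    Only IPv4 is emitted; duplicates and adjacent blocks are collapsed."""
    merged = ipaddress.collapse_addresses(n for n in networks if n.version == 4)
    lines = ["*filter", f":{chain} - [0:0]"]
    lines += [f"-A {chain} -s {net} -j DROP" for net in merged]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, rejected = split_banlist(SAMPLE_BANLIST)
    for entry in rejected:
        print(f"# skipped non-numeric entry: {entry}")
    print(build_restore_input(nets), end="")
```

The output is meant to be fed to `iptables-restore --noflush` in one pass, with the chain referenced from INPUT by a separate rule.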