From owner-freebsd-questions@FreeBSD.ORG  Mon Oct 30 14:51:38 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A68C116A415
	for <freebsd-questions@freebsd.org>;
	Mon, 30 Oct 2006 14:51:38 +0000 (UTC)
	(envelope-from freebsd-questions-local@be-well.ilk.org)
Received: from mail3.sea5.speakeasy.net (mail3.sea5.speakeasy.net
	[69.17.117.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id E85C143D5F
	for <freebsd-questions@freebsd.org>;
	Mon, 30 Oct 2006 14:51:37 +0000 (GMT)
	(envelope-from freebsd-questions-local@be-well.ilk.org)
Received: (qmail 4139 invoked from network); 30 Oct 2006 14:51:37 -0000
Received: from dsl092-078-145.bos1.dsl.speakeasy.net (HELO be-well.ilk.org)
	([66.92.78.145])
	(envelope-sender <freebsd-questions-local@be-well.ilk.org>)
	by mail3.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP
	for <freebsd-questions@freebsd.org>; 30 Oct 2006 14:51:37 -0000
Received: by be-well.ilk.org (Postfix, from userid 1147)
	id 981DC28432; Mon, 30 Oct 2006 09:51:36 -0500 (EST)
To: freebsd-questions@freebsd.org
References: <E4B019F7-1067-45C3-AF93-CF0980A57471@tca-cable-connector.com>
	<3ee9ca710610300524y7db3dc1bg56e144b452d90dc@mail.gmail.com>
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
Date: Mon, 30 Oct 2006 09:51:36 -0500
In-Reply-To: <3ee9ca710610300524y7db3dc1bg56e144b452d90dc@mail.gmail.com>
	(Andy Greenwood's message of "Mon, 30 Oct 2006 08:24:18 -0500")
Message-ID: <448xixrh53.fsf@be-well.ilk.org>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: Re: IPFW and PF
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Oct 2006 14:51:38 -0000

"Andy Greenwood" <greenwood.andy@gmail.com> top-posted:

> On 10/28/06, David Schulz <davidschulz@tca-cable-connector.com> wrote:
>> Hi all,
>>
>> IPFW seems to be the same IPFW that is used on MacOSX, so it seems to
>> make sense to learn and lean on IPFW when using in a mixed Machine
>> Environment. On the other side, many People seem to say PF is easier
>> to manage once a setup gets complicated. As usual, both sides have
>> their own valid points. My question though is not whether any of the
>> two , IPFW of PF is better then the other, but which of the two do
>> you use, and why?
>>

> PF, for two reasons. Firstly, because I don't have to mess with
> arbitrary rule numbers; I can just scroll down the page and know that
> rules will be executed in that order. Secondly becuase I can easily
> integrate bruteforceblocker.

Wow.  I can see some advantages either way, but I can't see any
differences on those grounds.  After all, rule numbers *aren't*
required in ipfw (even the example script doesn't use them).  And
bruteblock works with ipfw in *very* much the same way that
bruteforceblock does with pf.