Date: Fri, 2 May 2008 19:11:24 -0500 From: "Zane C.B." <v.velox@vvelox.net> To: Bruce Cran <bruce@cran.org.uk> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: Firewalls Message-ID: <20080502191124.578b7cfe@vixen42> In-Reply-To: <48162A6E.8050607@cran.org.uk> References: <05B6619C-9771-41EA-B43E-05DB40CB3258@lafn.org> <48162A6E.8050607@cran.org.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 28 Apr 2008 20:50:06 +0100 Bruce Cran <bruce@cran.org.uk> wrote: > Doug Hardie wrote: > > FreeBSD supports 3 firewalls: IPF, IPFW, and PF. Some time ago > > (perhaps years) I seem to recall some discussion that one or more > > of those was better maintained and higher quality than the > > others. I don't see any indications of this in the handbook. > > Several years ago I needed to do traffic shaping and used IPFW > > with dummynet. It worked but the need eventually went away. > > More recently I needed to incorporate spamd which defaults to PF > > so I used that. However, now I am back to needing traffic > > shaping again. I suspect trying to use both PF and IPFW > > simultaneously will not be a good approach. In addition, there > > now are instructions for using spamd with IPFW so it appears that > > either PF or IPFW will do what I need. Is there any additional > > information available to assist in selecting between those? > > Thanks. > > As I understand it pf is often found to be easiest to use and has > lots of features like altq and os fingerprinting but is quite a bit > slower than ipfw. There is one thing that IPFW has that PF does not that I have found to be very handy at times. It can be used to setup firewall rules that only affect a specific group or user.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080502191124.578b7cfe>