Date: Fri, 2 May 2008 18:01:41 -0700 (PDT)
From: Luke Dean <LukeD@pobox.com>
To: "Zane C.B." <v.velox@vvelox.net>
Cc: Bruce Cran <bruce@cran.org.uk>, freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: Firewalls
Message-ID: <20080502175312.O21313@border.lukas.is-a-geek.org>
In-Reply-To: <20080502191124.578b7cfe@vixen42>
References: <05B6619C-9771-41EA-B43E-05DB40CB3258@lafn.org> <48162A6E.8050607@cran.org.uk> <20080502191124.578b7cfe@vixen42>

On Fri, 2 May 2008, Zane C.B. wrote:

> On Mon, 28 Apr 2008 20:50:06 +0100
> Bruce Cran <bruce@cran.org.uk> wrote:
>
>> Doug Hardie wrote:
>>> FreeBSD supports 3 firewalls: IPF, IPFW, and PF. Some time ago
>>> (perhaps years) I seem to recall some discussion that one or more
>>> of those was better maintained and higher quality than the
>>> others. I don't see any indications of this in the handbook.
>>> Several years ago I needed to do traffic shaping and used IPFW
>>> with dummynet. It worked but the need eventually went away.
>>> More recently I needed to incorporate spamd which defaults to PF
>>> so I used that. However, now I am back to needing traffic
>>> shaping again. I suspect trying to use both PF and IPFW
>>> simultaneously will not be a good approach. In addition, there
>>> now are instructions for using spamd with IPFW so it appears that
>>> either PF or IPFW will do what I need. Is there any additional
>>> information available to assist in selecting between those?
>>> Thanks.
>>
>> As I understand it pf is often found to be easiest to use and has
>> lots of features like altq and os fingerprinting but is quite a bit
>> slower than ipfw.
>
> There is one thing that IPFW has that PF does not that I have found
> to be very handy at times. It can be used to set up firewall rules
> that only affect a specific group or user.

PF can do this too. There were threading/locking/crashing issues when
last I tried to use that feature of PF back in FreeBSD 5.x, but that was
a very long time ago.