From owner-freebsd-stable  Sun Oct  8 20:22:36 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from front001.cluster1.charter.net (24-216-159-200.hsacorp.net [24.216.159.200])
	by hub.freebsd.org (Postfix) with ESMTP id 2A54037B503
	for <freebsd-stable@freebsd.org>; Sun,  8 Oct 2000 20:22:33 -0700 (PDT)
Received: from [24.217.130.214] (HELO dave)
  by front001.cluster1.charter.net (CommuniGate Pro SMTP 3.3.2)
  with SMTP id 1144212; Sun, 08 Oct 2000 23:21:50 -0400
From: David Uhring <duhring@charter.net>
To: "Brandon D. Valentine" <bandix@looksharp.net>,
	Gerhard Sittig <Gerhard.Sittig@gmx.net>
Subject: Re: ipf vs. ipfw ?
Date: Sun, 8 Oct 2000 22:21:49 -0500
X-Mailer: KMail [version 1.1.94]
Content-Type: text/plain
Cc: freebsd-stable@FreeBSD.ORG
References: <Pine.BSF.4.21.0010082235080.3908-100000@turtle.looksharp.net>
In-Reply-To: <Pine.BSF.4.21.0010082235080.3908-100000@turtle.looksharp.net>
MIME-Version: 1.0
Message-Id: <00100822214900.00376@dave>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 08 Oct 2000, Brandon D. Valentine wrote:
> On Sun, 8 Oct 2000, Gerhard Sittig wrote:
> >- are you already familiar with one of the languages, do you
> >  already use one or the other?  i.e. how much work is it for you
> >  to use "the other" or is either one the first effort you spend?
>
> Just to interject a brief comment, one of the main strongpoints of ipf
> as I see it is that it is multiplatform.  This is nice because if your
> firewall dies, you can pull a box from just about anywhere, maybe
> reconfigure the hardware a bit, and drop in your existing ipf rules,
> regardless of what OS that box is running.  For instance, if you had a
> FreeBSD firewall running ipf and it died, you could easily pull the
> linux/irix/openbsd/netbsd/etc box out of the cube down the hall and not
> have to spend time rewriting your rules.  Whereas stuff like ipchains,
> ipfw, and other similiar solutions mean you have to have the same OS at
> all times.
>
> Brandon D. Valentine

I don't know about irix and etc, but unless you are running a 2.0.xx kernel 
on that Linux box, you are not going to be able to use IPFilter.  And I doubt 
there are many boxen still running the 2.0.xx kernel.  There weren't all that 
many Linux users before the 2.2.xx kernels came out, and IPFilter will not 
work with a 2.2.xx kernel.

Dave



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message