Date: Wed, 18 Oct 2006 08:19:18 -0700 From: Joe <js.lists@gmail.com> To: John Levine <johnl@iecc.com> Cc: freebsd-questions@freebsd.org Subject: Re: ipfw vs. ipf on a freebsd router Message-ID: <453645F6.7030401@gmail.com> In-Reply-To: <20061018151141.85327.qmail@simone.iecc.com> References: <20061018151141.85327.qmail@simone.iecc.com>
next in thread | previous in thread | raw e-mail | index | archive | help
John Levine wrote: > I'm putting together a freebsd router to sit between my LAN and a T1. > The current router (still running BSD/OS) uses BSDI's ipfw, but that > died when BSDI did. It's about as simple a routing job as one could > ask, a T1 with a static address to a LAN with a static /24. > > I have a whole bunch of packet filtering rules on the current router > to keep out nasty stuff based partly on port numbers but also a couple > of hundred IP ranges from the SBL and elsewhere. I have enough IP > addresses that I do not need to NAT. > > What are the relative merits of freebsd's ipf and ipfw? It looks like > either can do the filtering I need to do. Any reason to choose one > over the other? > Take a look at PF. It was developed by OpenBSD and ported to FreeBSD.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?453645F6.7030401>