From owner-freebsd-pf@FreeBSD.ORG  Sat Dec 11 17:27:00 2004
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2593816A4CE
	for <freebsd-pf@freebsd.org>; Sat, 11 Dec 2004 17:27:00 +0000 (GMT)
Received: from mproxy.gmail.com (mproxy.gmail.com [216.239.56.242])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EC53F43D54
	for <freebsd-pf@freebsd.org>; Sat, 11 Dec 2004 17:26:59 +0000 (GMT)
	(envelope-from mclone@gmail.com)
Received: by mproxy.gmail.com with SMTP id x71so140975cwb
        for <freebsd-pf@freebsd.org>; Sat, 11 Dec 2004 09:26:59 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
	s=beta; d=gmail.com;
	h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references;
	b=H0GjysL7+ZG3nKJW6+fEE6YdvDaSYS2WpQEFwawaLFSCrA6K6VJI7VIFNujgM4TXJhbkf/iLNoStd2xusr35hytD4gIJ1w7j07invG8wfVGlF3jv8fP9p8Q8h9f1dU/ivhIGu5PrfG2ggk2DgQZ3Go7jN7Kx4jGBKsVGQoB7E/E=
Received: by 10.11.100.69 with SMTP id x69mr335088cwb;
        Sat, 11 Dec 2004 09:26:59 -0800 (PST)
Received: by 10.11.98.55 with HTTP; Sat, 11 Dec 2004 09:26:59 -0800 (PST)
Message-ID: <451cb3010412110926238827de@mail.gmail.com>
Date: Sat, 11 Dec 2004 19:26:59 +0200
From: McLone the Great <mclone@gmail.com>
To: freebsd-pf@freebsd.org
In-Reply-To: <451cb3010412110737382bf5d9@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
References: <6.2.0.7.1.20041211171714.02128e78@pop.phreaker.net>
	 <451cb3010412110737382bf5d9@mail.gmail.com>
Subject: Re: ipfw vs ipfilter
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: McLone the Great <mclone@gmail.com>
List-Id: Technical discussion and general questions about packet filter (pf)
	<freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Dec 2004 17:27:00 -0000

On Sat, 11 Dec 2004 17:22:38 +0300, Castl Troy <mastah@phreaker.net> wrote:
> Can anybody help me with understanding the difference between
> ipfilter(ipf) and ipfirewall (ipfw).
the main differences is [imho]
- ipf is last-match, ipfw is first-match filters
- ipf runs on many unices, ipfw is FreeBSD project

by last match i mean packet goes thru _all_ rules, and not exits
processing chain after first successfull rule match like in
ipchains/iptables

> Any link to docs or info will greatly help me.
obfuscation.org/ipf/

> I use FreeBSD for almost 5 years, but i used only ipfw for packet
> routing and never use ipfilter for this.
routing is done by kernel, not filter btw.

> I wonder is it "internal" packet routing mechanism or maybe it is
> just for compatibility with OpenBSD?
as of 3.0 OpenBSD switched from ipf to PF (which i use on FreeBSD). Read
openbsd.org/faq/pf/ - it's powerfull!

-- 
wbr,                        |\      _,,,---,,_           dog bless ya!
`                       Zzz /,`.-'`'    -.  ;-;;,_
McLone at GMail dot com    |,4-  ) )-,_. ,\ (  `'-'
  net- and *BSD admin     '---''(_/--'  `-'\_)   ...sorry for translit