From owner-freebsd-security  Wed Mar  7 16: 2:28 2001
Delivered-To: freebsd-security@freebsd.org
Received: from eterna.binary.net (eterna.binary.net [216.229.0.25])
	by hub.freebsd.org (Postfix) with ESMTP id 8E22F37B719
	for <freebsd-security@freebsd.org>; Wed,  7 Mar 2001 16:02:24 -0800 (PST)
	(envelope-from nathan@binary.net)
Received: from matrix.binary.net (postfix@matrix.binary.net [216.229.0.2])
	by eterna.binary.net (8.11.2/8.9.1) with ESMTP id f2801gu87533
	for <freebsd-security@freebsd.org>; Wed, 7 Mar 2001 18:01:42 -0600 (CST)
Received: by matrix.binary.net (Postfix, from userid 1007)
	id 82EA383467; Wed,  7 Mar 2001 18:02:22 -0600 (CST)
Date: Wed, 7 Mar 2001 19:02:22 -0500
From: Nathan Dorfman <nathan@rtfm.net>
To: freebsd-security@freebsd.org
Subject: ipfw or ipf?
Message-ID: <20010307190222.A72795@rtfm.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi all,

What should I know before deciding on one of ipf or IPFW for
a -stable machine protecting a small network?

From what I recall, ipf had a few advantages like kernel-space
NAT, keeping TCP state, and portability. What does IPFW do
better than ipf? Are there any gross downsides to either?

Thanks.

-- 
Nathan Dorfman <nathan@rtfm.net>		[http://www.rtfm.net]
"The light at the end of the tunnel is the headlight of an approaching
train." --/usr/games/fortune

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message