Message-ID: <43CF5A52.2020100@locolomo.org>
Date: Thu, 19 Jan 2006 10:22:26 +0100
From: Erik Norgaard
To: Peter
Cc: freebsd-questions
Subject: Re: How to tell if IPF is running?
In-Reply-To: <20060119001447.31041.qmail@web60014.mail.yahoo.com>

Peter wrote:
> --- Erik Norgaard wrote:
>
>> Gable Barber wrote:
>>> On 1/18/06, Peter wrote:
>>>> Switch over to pf.
>>>>
>>> Why do you suggest PF over IPF?
>>>
>>> Hope I am not starting a war here.. but I am genuinely interested in the
>>> opinions.
>> I used IPF on FBSD until there was some bug in IPF for 5.x some version
>> that forced me to switch after an upgrade. The bug has been fixed since
>> but I have found no reason to go back.
>>
>> There are two things I miss from IPF:
>>
>> a) proper accounting: You can't count traffic correctly with stateful
>> filtering on pf, pf will count when a rule is matched but once a state
>> is established packets for that state are not matched and hence not
>> counted.
>
> That's not true.

Hi Peter,

it would be quite useful if you would contribute with knowledge instead
of empty claims. And if you don't care to explain in verbose mode, at
least provide a link to where the knowledge is found.

If I am wrong, I'd like to learn the solution. I need host-based
counting that distinguishes up- and download. AFAIK this means I can't use
tables and hence I have to reload the entire ruleset to add or remove a
host. This is quite annoying compared to IPF where I can load or delete
a single rule from the active ruleset - and thanks to groups, I can make
sure a rule gets inserted in the right place.

And, I still don't know the easy solution to get the numbers out.

Of course there is a point in PF, namely that there is just one ruleset
whereas in IPF filtering and accounting rules are separate.

Cheers, Erik