Date: Thu, 19 Jan 2006 11:05:29 -0500 (EST)
From: Peter
To: Erik Norgaard
Cc: freebsd-questions
Subject: Re: How to tell if IPF is running?
Message-ID: <20060119160529.97832.qmail@web60017.mail.yahoo.com>
In-Reply-To: <43CF5A52.2020100@locolomo.org>

--- Erik Norgaard wrote:

> Peter wrote:
> > --- Erik Norgaard wrote:
> >
> >> Gable Barber wrote:
> >>> On 1/18/06, Peter wrote:
> >>>> Switch over to pf.
> >>>>
> >>> Why do you suggest PF over IPF?
> >>>
> >>> Hope I am not starting a war here.. but I am genuinely interested in the
> >>> opinions.
> >> I used IPF on FBSD until there was some bug in IPF for 5.x some version
> >> that forced me to switch after an upgrade. The bug has been fixed since
> >> but I have found no reason to go back.
> >>
> >> There are two things I miss from IPF:
> >>
> >> a) proper accounting: You can't count traffic correctly with stateful
> >> filtering on pf, pf will count when a rule is matched but once a state
> >> is established packets for that state are not matched and hence not
> >> counted.
> >
> > That's not true.
> I need host based counting that distinguishes up- and download.
> And, I still don't know the easy solution to get the numbers out.
>
> Of course there is a point in PF, namely that there is just one ruleset
> whereas in IPF filtering and accounting rules are separate.

Use labels. I admit that accounting in pf can lead to a more messy ruleset.

--
Peter