Date: Tue, 21 Aug 2001 05:55:44 -0500 From: D J Hawkey Jr <hawkeyd@visi.com> To: freebsd-security@freebsd.org Subject: Re: ipf / ipfw Which to use? Message-ID: <20010821055544.A24214@sheol.localdomain>
next in thread | raw e-mail | index | archive | help
On 21 Aug 2001 09:42:18 +0000, wkb@freebie.xs4all.nl wrote:
> On Tue, Aug 21, 2001 at 11:34:36AM +0200, Carroll, D. (Danny) wrote:
> > I've been playing with both of these and I was wondering why are both
> > available?
> > They *seem* to do almost the same thing although ipfw is much more
> > *tweakable*...
> >
> > What's the difference between the two and how should I decide which I
> > should be using...?
>
> Largely it is a matter of taste. Ipfilter is multiplatform, ipfw is
> FreeBSD-only. You can also combine the 2 (e.g. if you want IPfilter and
> dummynet at the same time).
It's also a matter of efficiency; ipfilter does it all in the kernel, as
opposed to the packets having to go to userland and back for 'ipfw' to
play with them.
<extrapolation>
It therefore seems to me ipfilter might be more secure, as it can't be
compromised by userland?
</extrapolation>
Personally, I think ipfilter more "tweakable" and/or capable, but that's
just my opinion.
Dave
--
______________________ ______________________
\__________________ \ D. J. HAWKEY JR. / __________________/
\________________/\ hawkeyd@visi.com /\________________/
http://www.visi.com/~hawkeyd/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010821055544.A24214>