Date: Tue, 21 Aug 2001 06:12:25 -0500 From: D J Hawkey Jr <hawkeyd@visi.com> To: freebsd-security@freebsd.com Subject: Re: ipf / ipfw Which to use? Message-ID: <20010821061225.A24329@sheol.localdomain>
next in thread | raw e-mail | index | archive | help
On 21 Aug 2001 11:01:40 +0000, roam@ringlet.net wrote:
>
> On Tue, Aug 21, 2001 at 05:55:44AM -0500, D J Hawkey Jr wrote:
> >
> > On 21 Aug 2001 09:42:18 +0000, wkb@freebie.xs4all.nl wrote:
> > >
> > > Largely it is a matter of taste. Ipfilter is multiplatform, ipfw is
> > > FreeBSD-only. You can also combine the 2 (e.g. if you want IPfilter and
> > > dummynet at the same time).
> >
> > It's also a matter of efficiency; ipfilter does it all in the kernel, as
> > opposed to the packets having to go to userland and back for 'ipfw' to
> > play with them.
>
> ipfw does not process packets in userland.
>
> natd, as used with ipfw, processes NAT'd (diverted) packets in userland.
> ipnat, as used with ipfilter, processes NAT'd (diverted) packets in
> the kernel.
I stand corrected. Thanks.
> G'luck,
> Peter
You too,
Dave
--
______________________ ______________________
\__________________ \ D. J. HAWKEY JR. / __________________/
\________________/\ hawkeyd@visi.com /\________________/
http://www.visi.com/~hawkeyd/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010821061225.A24329>