From owner-freebsd-questions Fri Oct 12 7:19:11 2001 Delivered-To: freebsd-questions@freebsd.org Received: from pickup3-ld.pvd.loa.net (pickup.loa.com [199.171.167.59]) by hub.freebsd.org (Postfix) with SMTP id F0E2737B40A for ; Fri, 12 Oct 2001 07:19:03 -0700 (PDT) Received: (qmail 13651 invoked by uid 0); 12 Oct 2001 14:19:02 -0000 Received: from unknown (HELO pretorian) ([208.130.43.221]) (envelope-sender ) by pickup3-ld.pvd.loa.net (qmail-ldap-1.03) with SMTP for <>; 12 Oct 2001 14:19:02 -0000 Message-ID: <003601c15328$db264480$24b4a8c0@pretorian> From: "Maine LOA List Admin (Brent Bailey)" To: "Hartmann, O." , Cc: References: <20011012154307.O52936-100000@klima.physik.uni-mainz.de> Subject: Re: IPFW or IPFILTER? Date: Fri, 12 Oct 2001 10:18:46 -0400 Organization: Log On America MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I tried IPFILTER for awhile ...and it very easy to use...but ..in my opinion it isnt as configurable as IPFW. IPFW is a little more to setup ...but still pretty easy ...and the syntax isnt that hard to understand. Its best feature is its VERY configurable...and as long as you keep logging to a minimum ...it doesnt use alot of resources. Seems its memeory intensive than anything ...running a firewall that is Brent ----- Original Message ----- From: "Hartmann, O." To: Cc: Sent: Friday, October 12, 2001 9:46 AM Subject: IPFW or IPFILTER? > Hello. > > Please do not understand this question as a question of what I believ in, > it is simply a question of what to use for best performance. > > FreeBSD uses two filtering systems, ipfw and ipfilter and each of these > both systems has its own adavantages and disadvantages. ipfilter seems to > be more sophisticated in how to write rules. > At the moment, we use ipfw around here due to the easy rule syntax. But > that is not that what should be the main argument. I want to ask for the > performance, mean the throughput/bandwith. Does anyone know something > about the bandwith of both filters? What are the pro and contras? > > Thanks, > Oliver > > -- > MfG > O. Hartmann > > ohartman@klima.physik.uni-mainz.de > ---------------------------------------------------------------- > IT-Administration des Institutes fuer Physik der Atmosphaere (IPA) > ---------------------------------------------------------------- > Johannes Gutenberg Universitaet Mainz > Becherweg 21 > 55099 Mainz > > Tel: +496131/3924662 (Maschinenraum) > Tel: +496131/3924144 > FAX: +496131/3923532 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message