From owner-freebsd-chat  Sat Sep 15  5: 7:52 2001
Delivered-To: freebsd-chat@freebsd.org
Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5])
	by hub.freebsd.org (Postfix) with ESMTP id 5A2E937B40A
	for <chat@FreeBSD.ORG>; Sat, 15 Sep 2001 05:07:47 -0700 (PDT)
Received: from hades.hell.gr (patr530-a020.otenet.gr [212.205.215.20])
	by mailsrv.otenet.gr (8.11.5/8.11.5) with ESMTP id f8FC7hd00256;
	Sat, 15 Sep 2001 15:07:43 +0300 (EEST)
Received: (from charon@localhost)
	by hades.hell.gr (8.11.6/8.11.6) id f8FB3Ek46097;
	Sat, 15 Sep 2001 14:03:14 +0300 (EEST)
	(envelope-from charon@labs.gr)
Date: Sat, 15 Sep 2001 14:03:13 +0300
From: Giorgos Keramidas <charon@labs.gr>
To: Jason Anthony Mifsud <jamifsud@superrpg.com>
Cc: chat@FreeBSD.ORG
Subject: Re: ipfw and ipf and pf
Message-ID: <20010915140313.A45993@hades.hell.gr>
References: <20010914232949.A45136@FATE>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010914232949.A45136@FATE>; from jamifsud@superrpg.com on Fri, Sep 14, 2001 at 11:29:49PM -0400
X-PGP-Fingerprint: 3A 75 52 EB F1 58 56 0D - C5 B8 21 B6 1B 5E 4A C2
X-URL: http://students.ceid.upatras.gr/~keramida/index.html
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-chat.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-chat>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-chat>
X-Loop: FreeBSD.org

Jason Anthony Mifsud <jamifsud@superrpg.com> wrote:
> Hey all
> 
> I have ipfw running right now with no rules and have considered learning it,
> but I figured that ipf or pf is probably the way to go because they're more
> robust.

You seem to be prejudiced on this matter.
Why are you saying that ipf or pf[1] is more robust?

> Any suggestions comments?
>
> I've already read a breif tutorial on ipfw but I'd rather jump into the pro
> stuff if I can :)

Both ipf and ipfw can be a descent firewall.  They have similar features, and
what can be done in one of them, is also possible with the other for more or
Less all their features.  There is on thing that I know ipfw does, which ipf
cannot handle, and that it 'pipes'; a means of bandwidth-limiting.

Most people who choose the one over the other, do so for simple reasons
though.  Among the most frequent ones are:

  a) I like (ipf|ipfw) language better.
  b) I like ipf because it works on other Unixes too.
  c) I like ipfw because I use pipes all the time.

Really, the choise is yours.  I'd say, study them both, and choose what fits
yours needs better.

-giorgos

[1] There is `pf' in FreeBSD.  This is an OpenBSD packet filter.
    I dont know how it works, so I'm not commenting on it.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message