Date: Fri, 12 Oct 2001 20:22:45 -0500 (CDT) From: Nick Rogness <nick@rogness.net> To: Kenneth Wayne Culver <culverk@wam.umd.edu> Cc: Michael Sierchio <kudzu@tenebras.com>, Henrik Holmstam <turbo@lamering.org>, Alfatrion <alfatrion@cybertron.tmfweb.nl>, "Maine LOA List Admin (Brent Bailey)" <brentb@loa.com>, "Hartmann, O." <ohartman@klima.physik.uni-mainz.de>, freebsd-questions@FreeBSD.ORG Subject: Re: IPFW or IPFILTER? Message-ID: <Pine.BSF.4.21.0110122006480.6852-100000@cody.jharris.com> In-Reply-To: <Pine.GSO.4.21.0110121642070.19241-100000@rac4.wam.umd.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 12 Oct 2001, Kenneth Wayne Culver wrote: > I suppose another big reason that I started using ipfilter is it's > performance... for me and for what we do through our FreeBSD router > (with gaming through the nat) ipfw + natd just wasn't cutting it. I don't buy that...let's see some numbers people... Since everyone is giving their opinions, I might as well share mine as well. Even though, this conversation does not belong on -stable. Hell, it doesn't even belong on -questions. More like -chat or something. But anyway I'm a big IPFW fan because : 1) it is simple and straightforward. IPFILTER has ipf, ipfstat, ipmon, ipnat...what a head-ache. IPFW has ipfw... 2) IPFW can bring packets out of the Kernel into userland via divert...this can be a very powerful interface that only a few things use that I know of, one of them being natd. Of course, this could be dangerous too. 3) It comes as a kernel module. I'm tired of building a kernel on every machine to enable IPFILTER. 4) Bandwidth control 5) Bridging firewalls Nick Rogness <nick@rogness.net> - Keep on Routing in a Free World... "FreeBSD: The Power to Serve!" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0110122006480.6852-100000>