Date: Wed, 8 May 2002 02:19:48 +0200 From: "Aragon Gouveia" <aragon@phat.za.net> To: <freebsd-security@freebsd.org> Cc: "Tom Limoncelli" <tal@lumeta.com> Subject: Re: ipf vs. ipfw Message-ID: <001101c1f626$10d61420$01000001@aragon> References: <3CD8558E.2FA68C36@lumeta.com> <20020507231529.8B55C2744@tesla.foo.is>
next in thread | previous in thread | raw e-mail | index | archive | help
Also, ipfw is the interface to FreeBSD's very cool dummynet(4) traffic shaper. I haven't used ipf personally. Does it have builtin support for traffic shaping? Weighted Fair Queueing? Regards, Aragon ----- Original Message ----- From: "Baldur Gislason" <baldur@foo.is> To: "Tom Limoncelli" <tal@lumeta.com> Cc: <freebsd-security@freebsd.org>; <freebsd-net@freebsd.org> Sent: Wednesday, May 08, 2002 1:15 AM Subject: Re: ipf vs. ipfw > ipfw is in no way related to the linux firewalls (ipfwadm, ipchains or > iptables). It is a specially designed firewall for FreeBSD. It isn't > dependent on ipf, it has it's own in-kernel mechanism. It has a totally > different syntax. Why FreeBSD has both I can't answer, ipfw and ipf each have > their own advantages over each other. In my experience, ipfw is easier to > work with, but it's also limited in some ways. Ipf tends to have a more > complex ruleset, and more stateful functionality (ipfw can do stateful > filtering but ipf has more customisable state keeping rules IIRC), however > ipfw does have the ability to apply rules by uid's if you're doing a firewall > for the local machine, and it does have a packet/byte counter for each > individual rule. I'm not sure how this is with ipf as I haven't used is as > much as I have used ipfw. > > Baldur > > On Tuesday 07 May 2002 22:30, you wrote: > > I use ipf, and recently some people have asked me about ipfw that I > > couldn't answer. Hopefully people on this list can enlighten me. > > > > Are ipf and ipfw different interfaces to the same in-kernel filtering > > mechanism? It doesn't look like it is, but I'd like that confirmed. > > > > Is ipfw related at all to the Linux ipfw? The syntax looks the same, > > but the man page doesn't mention Linux. > > > > Why does FreeBSD have both? Is it because ipf is generic (ported to > > Solaris, IRIX, OpenBSD, etc) and ipfw is specifically designed for > > FreeBSD? > > > > Thanks in advance! > > --tal > > > > P.S. I'm collecting data here: > > http://whatexit.org/tal/mywritings/freefilters.html > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001101c1f626$10d61420$01000001>