From: "Aragon Gouveia"
Cc: "Tom Limoncelli"
Subject: Re: ipf vs. ipfw
Date: Wed, 8 May 2002 02:19:48 +0200
Sender: owner-freebsd-security@FreeBSD.ORG

Also, ipfw is the interface to FreeBSD's very cool dummynet(4) traffic
shaper. I haven't used ipf personally. Does it have built-in support for
traffic shaping? Weighted Fair Queueing?

Regards,
Aragon

----- Original Message -----
From: "Baldur Gislason"
To: "Tom Limoncelli"
Sent: Wednesday, May 08, 2002 1:15 AM
Subject: Re: ipf vs. ipfw

> ipfw is in no way related to the Linux firewalls (ipfwadm, ipchains or
> iptables). It is a specially designed firewall for FreeBSD. It isn't
> dependent on ipf, it has its own in-kernel mechanism. It has a totally
> different syntax. Why FreeBSD has both I can't answer, ipfw and ipf each have
> their own advantages over each other. In my experience, ipfw is easier to
> work with, but it's also limited in some ways. Ipf tends to have a more
> complex ruleset, and more stateful functionality (ipfw can do stateful
> filtering but ipf has more customisable state keeping rules IIRC), however
> ipfw does have the ability to apply rules by UIDs if you're doing a firewall
> for the local machine, and it does have a packet/byte counter for each
> individual rule. I'm not sure how this is with ipf as I haven't used it as
> much as I have used ipfw.
>
> Baldur
>
> On Tuesday 07 May 2002 22:30, you wrote:
> > I use ipf, and recently some people have asked me about ipfw that I
> > couldn't answer. Hopefully people on this list can enlighten me.
> >
> > Are ipf and ipfw different interfaces to the same in-kernel filtering
> > mechanism? It doesn't look like it is, but I'd like that confirmed.
> >
> > Is ipfw related at all to the Linux ipfw? The syntax looks the same,
> > but the man page doesn't mention Linux.
> >
> > Why does FreeBSD have both? Is it because ipf is generic (ported to
> > Solaris, IRIX, OpenBSD, etc) and ipfw is specifically designed for
> > FreeBSD?
> >
> > Thanks in advance!
> > --tal
> >
> > P.S. I'm collecting data here:
> > http://whatexit.org/tal/mywritings/freefilters.html
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message