From: Darren Reed
To: dwbear75@gmail.com
Old-To: baldur@foo.is (Baldur Gislason)
cc: Tom Limoncelli
cc: freebsd-security@FreeBSD.ORG
cc: freebsd-net@FreeBSD.ORG
Subject: Re: ipf vs. ipfw
Date: Fri, 24 Sep 2004 15:50:43 -0000
X-Original-Date: Wed, 08 May 2002 19:16:13 +1000 (Australia/NSW)
In-reply-to: <20020507231529.8B55C2744@tesla.foo.is>
Message-id: <200205080916.g489GDec019355@cairo.anu.edu.au>

In some mail from Baldur Gislason, sie said:
>
> ipfw is in no way related to the linux firewalls (ipfwadm, ipchains or
> iptables). It is a specially designed firewall for FreeBSD. It isn't
> dependent on ipf, it has its own in-kernel mechanism. It has a totally
> different syntax. Why FreeBSD has both I can't answer, ipfw and ipf each have
> their own advantages over each other. In my experience, ipfw is easier to
> work with, but it's also limited in some ways. Ipf tends to have a more
> complex ruleset, and more stateful functionality (ipfw can do stateful
> filtering but ipf has more customisable state keeping rules IIRC), however
> ipfw does have the ability to apply rules by uids if you're doing a firewall
> for the local machine, and it does have a packet/byte counter for each
> individual rule. I'm not sure how this is with ipf as I haven't used it as
> much as I have used ipfw.

ipf has a completely separate set of rules you can use for accounting
and is minus any os-specific hacks (such as uid filtering).

ipfw does share its roots with the linux ipfw but linux long ago dropped
its one and the freebsd one is now much different.

ipf used to be more "leading edge" than any of the others and hence
offered more features and a bigger coolness factor but I've been slack
for the last year or two on that front.