From: "Patrick O'Reilly"
To: "bill", freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw, ipfilter
Date: Mon, 26 Aug 2002 16:02:24 +0200

From: "bill"
> I am used to using ipfilter, but note in rc.conf ipfw is enabled. Is this a
> different firewall, or something different ?

Different Packet-Filtering Firewall.

> Do I need to do anything to enable ipfilter besides override the ipfilter entry in
> /etc/defaults/rc.conf in /etc/rc.conf and write the ipfilter rules ?

No - I don't think you need to do any more than you have said.

> Should I, do I need to disable ipfw ?

No, though you probably want to choose one or the other, unless you are a
belt&braces kind of guy :)

It is worth noting that ipf and ipfw each have their own advantages.

ipf uses ipnat for NAT. ipnat runs in the kernel, and so provides superior
performance.
ipfw uses natd for NAT. natd is a daemon running in userland, and so is not as
fast as ipnat.

Of course, this performance difference is probably only of concern if your
gateway is really heavily loaded.

ipfw has a traffic-shaping capability, which (AFAIK) ipf does not have. See
DUMMYNET if you want to know more.

> Please take my ignorance with kindness and point out anything I have
> forgotten to ask about.

Regards,
Patrick O'Reilly.
http://www.perimeter.co.za
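An added example, not part of the original message and not FreeBSD's own code: a shell check for the case discussed in this thread, where ipfilter is turned on in /etc/rc.conf while ipfw stays enabled. It assumes the rc.conf knobs ipfilter_enable, ipnat_enable, firewall_enable and natd_enable; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): report which packet filter
# and NAT path a defaults/local rc.conf pair ends up enabling.

# rc.conf files are shell fragments read in order, so the local file overrides
# the defaults. Source only trusted, root-owned files: sourcing runs them.
effective() {   # usage: effective VAR defaults_file local_file
    ( . "$2"; [ -r "$3" ] && . "$3"; eval "printf '%s' \"\${$1:-NO}\"" )
}

is_yes() {      # accept the usual rc.conf truthy spellings
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

audit_filters() {   # usage: audit_filters defaults_file local_file
    ipf=$(effective ipfilter_enable "$1" "$2")
    ipfw=$(effective firewall_enable "$1" "$2")
    ipnat=$(effective ipnat_enable "$1" "$2")
    natd=$(effective natd_enable "$1" "$2")
    out=""
    if is_yes "$ipf";   then out="$out ipf"; fi
    if is_yes "$ipfw";  then out="$out ipfw"; fi
    if is_yes "$ipnat"; then out="$out nat=ipnat(kernel)"; fi
    if is_yes "$natd";  then out="$out nat=natd(userland)"; fi
    # Both filters active means two rule sets both see every packet.
    if is_yes "$ipf" && is_yes "$ipfw"; then out="$out BOTH-FILTERS"; fi
    echo "${out# }"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample input, not taken from a real system.
    cat > "$d/defaults" <<'EOF'
firewall_enable="YES"
natd_enable="NO"
ipfilter_enable="NO"
ipnat_enable="NO"
EOF
    cat > "$d/local" <<'EOF'
ipfilter_enable="YES"
ipnat_enable="YES"
EOF
    audit_filters "$d/defaults" "$d/local"
    rm -rf "$d"
}
demo
```

On a real host the two arguments would be /etc/defaults/rc.conf and /etc/rc.conf; a BOTH-FILTERS result means the rule sets of both firewalls need to be reviewed together.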