Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 8 May 2002 19:16:13 +1000 (Australia/NSW)
From:      Darren Reed <avalon@cairo.anu.edu.au>
To:        baldur@foo.is (Baldur Gislason)
Cc:        tal@lumeta.com (Tom Limoncelli), freebsd-security@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
Subject:   Re: ipf vs. ipfw
Message-ID:  <200205080916.g489GDec019355@cairo.anu.edu.au>
In-Reply-To: <20020507231529.8B55C2744@tesla.foo.is> from "Baldur Gislason" at May 07, 2002 11:15:17 PM

next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Baldur Gislason, sie said:
> 
> ipfw is in no way related to the linux firewalls (ipfwadm, ipchains or 
> iptables). It is a specially designed firewall for FreeBSD. It isn't 
> dependent on ipf, it has it's own in-kernel mechanism. It has a totally 
> different syntax. Why FreeBSD has both I can't answer, ipfw and ipf each have 
> their own advantages over each other. In my experience, ipfw is easier to 
> work with, but it's also limited in some ways. Ipf tends to have a more 
> complex ruleset, and more stateful functionality (ipfw can do stateful 
> filtering but ipf has more customisable state keeping rules IIRC), however 
> ipfw does have the ability to apply rules by uid's if you're doing a firewall 
> for the local machine, and it does have a packet/byte counter for each 
> individual rule. I'm not sure how this is with ipf as I haven't used is as 
> much as I have used ipfw.

ipf has a completely separate set of rules you can use for accounting and
is minus any os-specific hacks (such as uid filtering)

ipfw does share its roots with the linux ipfw but linux long ago dropped
its one and the freebsd one is now much different.

ipf used to be more "leading edge" than any of the others and hence offered
more features and a bigger coolness factor but I've been slack for the last
year or two on that front.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200205080916.g489GDec019355>