From owner-freebsd-hackers  Wed Aug 14 16:02:44 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id QAA01990
          for hackers-outgoing; Wed, 14 Aug 1996 16:02:44 -0700 (PDT)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA01978
          for <hackers@freebsd.org>; Wed, 14 Aug 1996 16:02:39 -0700 (PDT)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.5/8.7.3) id JAA06607; Thu, 15 Aug 1996 09:02:34 +1000 (EST)
Date: Thu, 15 Aug 1996 09:02:33 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: hackers@freebsd.org
Subject: Re: ipfw vs ipfilter?
In-Reply-To: <199608142231.PAA00154@freefall.freebsd.org>
Message-ID: <Pine.BSF.3.91.960815085157.6553D-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


Well, it looks like I'm the lone voice in favour of ipfw, for a specific
purpose, anyway.  I much prefer Poul-Henning's (partial)rewrite of ipfw
over Ugen's syntax, but am in the process of converting a firewall to
ipfilter from Ugen's ipfw (FreeBSD 2.1.0). 

There are a couple of things which I prefer in ipfw-current over ipfilter:
* The ability to number each rule and insert rules into the middle of the 
rule table without the need for flush/re-install.
* The clear accounting details available which are listed by rule number.

I'm currently using the latter to do accounting for my ISP business.  
Because each rule is numbered, it is easy (in perl) to relate rule 
numbers to customers.

I'll confess that I have not investigated the ipfilter accounting yet, 
but I *do* like Poul-Henning's rule numbers in ipfw.  Any chance of 
having numbered rules, Darren?

Danny