Date: Fri, 18 Aug 2000 13:18:33 -0500 (GMT-6:00) From: Jonathan Fosburgh <syjef@mail.mdanderson.org> To: freebsd-stable@FreeBSD.ORG Subject: Re: ipfilter v. ipfw Message-ID: <14749.32249.842000.944007@jef-nt.mdacc.tmc.edu> In-Reply-To: <20000818141256.A29131@pir.net> References: <000f01c00939$0dd7b480$b8209fc0@marlowe> <Pine.BSF.4.21.0008181054250.90214-100000@harlie.bfd.com> <20000818141256.A29131@pir.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Peter Radcliffe writes: > "Eric J. Schwertfeger" <ejs@bfd.com> probably said: > > I've got firewalls in place with each kind. Personally, I find ipfw more > > flexible, especially now that it can track states. ipfw works on a first > > match engine, ipfilter works on a last match engine (I don't know why, it > > just means more work for the engine), though you can include an option to > > each rule to make it act first match. > > I found ipfw far too limiting, state tracking or otherwise. I do > use keep state in ipfilter quite happily. > > It also has a side advantage of being platform independant - I can use > the same rule files on my FreeBSD boxes and my Solaris boxes. > > P. > > -- > pir pir@pir.net pir@net.tufts.edu > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > I personally find ipfilter to be a lot easier to configure. I was never to create a firewall with ipfw that I could get out of. :( My ipfilter firewall works just fine (though it does have some problems when I go to single-user mode and then come back up, but I can fix that by going with the start/stop options in my /usr/local/etc/rc.d/ipf.sh. I find the rules for ipfilter easier to understand conceptually than ipfw. -- Jonathan Fosburgh Open Systems Communications and Computer Services MD Anderson Cancer Center Houston, TX To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14749.32249.842000.944007>