From: Baldur Gislason
To: Tom Limoncelli
Cc: freebsd-security@freebsd.org, freebsd-net@freebsd.org
Subject: Re: ipf vs. ipfw
Date: Tue, 7 May 2002 23:15:17 +0000

ipfw is in no way related to the Linux firewalls (ipfwadm, ipchains or
iptables). It is a specially designed firewall for FreeBSD. It isn't
dependent on ipf; it has its own in-kernel mechanism. It has a totally
different syntax.

Why FreeBSD has both I can't answer; ipfw and ipf each have their own
advantages over each other. In my experience, ipfw is easier to work with,
but it's also limited in some ways. Ipf tends to have a more complex
ruleset, and more stateful functionality (ipfw can do stateful filtering but
ipf has more customisable state keeping rules IIRC); however, ipfw does have
the ability to apply rules by uids if you're doing a firewall for the local
machine, and it does have a packet/byte counter for each individual rule.
I'm not sure how this is with ipf as I haven't used it as much as I have
used ipfw.

Baldur

On Tuesday 07 May 2002 22:30, you wrote:
> I use ipf, and recently some people have asked me about ipfw that I
> couldn't answer. Hopefully people on this list can enlighten me.
>
> Are ipf and ipfw different interfaces to the same in-kernel filtering
> mechanism? It doesn't look like it is, but I'd like that confirmed.
>
> Is ipfw related at all to the Linux ipfw? The syntax looks the same,
> but the man page doesn't mention Linux.
>
> Why does FreeBSD have both? Is it because ipf is generic (ported to
> Solaris, IRIX, OpenBSD, etc) and ipfw is specifically designed for
> FreeBSD?
>
> Thanks in advance!
> --tal
>
> P.S. I'm collecting data here:
> http://whatexit.org/tal/mywritings/freefilters.html