Date: Wed, 20 Jul 2005 17:13:24 +0200 (CEST) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-ipfw@FreeBSD.ORG Subject: Re: Most wanted packet filter Message-ID: <200507201513.j6KFDO4M043525@lurza.secnetix.de> In-Reply-To: <38301.62.2.21.164.1121862149.squirrel@www.gwch.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Roger Grosswiler <roger@gwch.net> wrote:
> [ipfw vs. ipf vs. pf]
In addition to the other replies, it is worth mentioning
that ipf (ipfilter) does not work reliably on SMP machines
under FreeBSD 5.x and 6.x (but 4.x should be fine), causing
random crashes when there is load.
Apparently this isn't going to change soon, because it is
a basic incompatibility between ipf and FreeBSD 5's SMP
which cannot easily be fixed.
Therefore I would recommend not to use ipf, unless you
don't need SMP and you're sure that you won't need it in
the foreseeable future. Since pf is nearly a superset of
ipf with similar syntax and improved features, I recommend
to use pf instead. Or ipfw, of course.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co KG, Marktplatz 29, 85567 Grafing
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
"That's what I love about GUIs: They make simple tasks easier,
and complex tasks impossible."
-- John William Chambless
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200507201513.j6KFDO4M043525>