From owner-freebsd-net@FreeBSD.ORG  Wed Jun 30 17:57:41 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 118C216A4CE
	for <freebsd-net@freebsd.org>; Wed, 30 Jun 2004 17:57:41 +0000 (GMT)
Received: from smtpout.mac.com (smtpout.mac.com [17.250.248.87])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0241243D45
	for <freebsd-net@freebsd.org>; Wed, 30 Jun 2004 17:57:41 +0000 (GMT)
	(envelope-from cswiger@mac.com)
Received: from mac.com (smtpin07-en2 [10.13.10.152])
	by smtpout.mac.com (Xserve/MantshX 2.0) with ESMTP id i5UHvUBC029822;
	Wed, 30 Jun 2004 10:57:30 -0700 (PDT)
Received: from [10.1.1.193] (nfw2.codefab.com [199.103.21.225] (may be
	forged))	(authenticated bits=0)i5UHvThp000166;
	Wed, 30 Jun 2004 10:57:30 -0700 (PDT)
In-Reply-To: <20040630_174750_040174.socrel@gmx.net>
References: <20040630_174750_040174.socrel@gmx.net>
Mime-Version: 1.0 (Apple Message framework v618)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <F3EC6703-CABE-11D8-9B33-003065ABFD92@mac.com>
Content-Transfer-Encoding: 7bit
From: Charles Swiger <cswiger@mac.com>
Date: Wed, 30 Jun 2004 13:57:29 -0400
To: socrel@gmx.net
X-Mailer: Apple Mail (2.618)
cc: freebsd-net@freebsd.org
Subject: Re: comparision of firewalling on Linux and FreeBSD
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jun 2004 17:57:41 -0000

On Jun 30, 2004, at 1:47 PM, socrel@gmx.net wrote:
> Looking for considered comparisions of firewalling on Linux and 
> FreeBSD.

Hmm, what you should be considering is whether you want to use pf/IPF, 
or IPFW.  If IPFW makes more sense to you, use FreeBSD.  If you want to 
use IPF, either platform will do, but I'd still recommend FreeBSD.

> I am especially interested in learning about ease of connection 
> tracking

Like what, logging packets with the SYN bit set?  IPFW gives you that 
easily.

> and of getting packets into user space for analysis via scripts.

The BPF + tools like tcpdump, snort, and whatnot...

-- 
-Chuck