Date: Wed, 1 Nov 2006 09:33:22 +0300 From: "Andrew Pantyukhin" <infofarmer@FreeBSD.org> To: "Andy Greenwood" <greenwood.andy@gmail.com> Cc: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>, freebsd-questions@freebsd.org Subject: Re: IPFW and PF Message-ID: <cb5206420610312233w2b44e44bn7063328dcd0dda61@mail.gmail.com> In-Reply-To: <3ee9ca710610300722y30e848f4g7b6f39ab91243e4b@mail.gmail.com> References: <E4B019F7-1067-45C3-AF93-CF0980A57471@tca-cable-connector.com> <3ee9ca710610300524y7db3dc1bg56e144b452d90dc@mail.gmail.com> <448xixrh53.fsf@be-well.ilk.org> <3ee9ca710610300722y30e848f4g7b6f39ab91243e4b@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10/30/06, Andy Greenwood <greenwood.andy@gmail.com> wrote: > On 10/30/06, Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> wrote: > > "Andy Greenwood" <greenwood.andy@gmail.com> top-posted: > > > > > On 10/28/06, David Schulz <davidschulz@tca-cable-connector.com> wrote: > > >> Hi all, > > >> > > >> IPFW seems to be the same IPFW that is used on MacOSX, so it seems to > > >> make sense to learn and lean on IPFW when using in a mixed Machine > > >> Environment. On the other side, many People seem to say PF is easier > > >> to manage once a setup gets complicated. As usual, both sides have > > >> their own valid points. My question though is not whether any of the > > >> two , IPFW of PF is better then the other, but which of the two do > > >> you use, and why? > > >> > > > > > PF, for two reasons. Firstly, because I don't have to mess with > > > arbitrary rule numbers; I can just scroll down the page and know that > > > rules will be executed in that order. Secondly becuase I can easily > > > integrate bruteforceblocker. > > > > Wow. I can see some advantages either way, but I can't see any > > differences on those grounds. After all, rule numbers *aren't* > > required in ipfw (even the example script doesn't use them). And > > bruteblock works with ipfw in *very* much the same way that > > bruteforceblock does with pf. > > Sorry, that should've been Altq, not bruteforceblocker. Altq is also there in ipfw :-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cb5206420610312233w2b44e44bn7063328dcd0dda61>