From owner-freebsd-questions@FreeBSD.ORG Wed Nov 1 06:33:24 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9680816A508 for ; Wed, 1 Nov 2006 06:33:24 +0000 (UTC) (envelope-from infofarmer@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.185]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8897A43D49 for ; Wed, 1 Nov 2006 06:33:23 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: by nf-out-0910.google.com with SMTP id p77so547082nfc for ; Tue, 31 Oct 2006 22:33:22 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=rRjCRu83BviCov/XQ2zd2kEI2cLxZZPj6Kq2YDZIr4zbnhgxSGb+/5iOhANCmi0LUidYAdc1wRERiFcwxqqb/4K0ssmAk0jWN8ywsTDTm/vh9of4P5TxR/e3kmTrHmpg4+KRnAedRp+XrnXa5y7c6woIX4na0BMTnFxiIQD9BF4= Received: by 10.78.200.3 with SMTP id x3mr8349656huf; Tue, 31 Oct 2006 22:33:22 -0800 (PST) Received: by 10.78.167.16 with HTTP; Tue, 31 Oct 2006 22:33:22 -0800 (PST) Message-ID: Date: Wed, 1 Nov 2006 09:33:22 +0300 From: "Andrew Pantyukhin" Sender: infofarmer@gmail.com To: "Andy Greenwood" In-Reply-To: <3ee9ca710610300722y30e848f4g7b6f39ab91243e4b@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <3ee9ca710610300524y7db3dc1bg56e144b452d90dc@mail.gmail.com> <448xixrh53.fsf@be-well.ilk.org> <3ee9ca710610300722y30e848f4g7b6f39ab91243e4b@mail.gmail.com> X-Google-Sender-Auth: dd93917934ebe4c3 Cc: Lowell Gilbert , freebsd-questions@freebsd.org Subject: Re: IPFW and PF X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Nov 2006 06:33:24 -0000 On 10/30/06, Andy Greenwood wrote: > On 10/30/06, Lowell Gilbert wrote: > > "Andy Greenwood" top-posted: > > > > > On 10/28/06, David Schulz wrote: > > >> Hi all, > > >> > > >> IPFW seems to be the same IPFW that is used on MacOSX, so it seems to > > >> make sense to learn and lean on IPFW when using in a mixed Machine > > >> Environment. On the other side, many People seem to say PF is easier > > >> to manage once a setup gets complicated. As usual, both sides have > > >> their own valid points. My question though is not whether any of the > > >> two , IPFW of PF is better then the other, but which of the two do > > >> you use, and why? > > >> > > > > > PF, for two reasons. Firstly, because I don't have to mess with > > > arbitrary rule numbers; I can just scroll down the page and know that > > > rules will be executed in that order. Secondly becuase I can easily > > > integrate bruteforceblocker. > > > > Wow. I can see some advantages either way, but I can't see any > > differences on those grounds. After all, rule numbers *aren't* > > required in ipfw (even the example script doesn't use them). And > > bruteblock works with ipfw in *very* much the same way that > > bruteforceblock does with pf. > > Sorry, that should've been Altq, not bruteforceblocker. Altq is also there in ipfw :-)