Date: Thu, 25 Jan 2001 12:57:25 -0500 From: Tim McMillen <timcm@umich.edu> To: Danny Pansters <danny@ricin.com>, =?iso-8859-1?q?Jes=FAs=20Arn=E1iz?= <arnaiz@encomix.es> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: ipf Message-ID: <01012512572503.25766@tim.elnsng1.mi.home.com> In-Reply-To: <01012517111503.17676@ricin.localnet> References: <014d01c086be$a201a960$4200a8c0@jesus> <01012517111503.17676@ricin.localnet>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday January 25, 2001 11:11, Danny Pansters wrote: > > Is there any application similar to ipf in linux? (one that uses > > the same sintaxis not as ip-chains) > > The new 2.4 kernel has someting called iptables. I've read that it > supports stateful inspection like ipf. There was a discussion on > www.slashdot.org last Monday Januari 22 about it. Many people said > ipf "did all that years ago", but i don't use Debian any more so I > haven't tried it myself. > > > and, what are the advantages using one or other? > > ipf is likely more stable and better documented at this time. > Plus the easy syntax is hard to beat. Yes the general conclusion of the slashdot war was that ipf still has much better syntax. It is very complicated to do many things in iptables that it is simpler to do in ipf. There may be examples the other way around, but the general idea was there wasn't many. The attitude was yeah, well, we use Linux and at least now we *have* a stateful firewalling utility. It's pretty new so I would guess it to not be too bug free yet, and I would also think it is not terribly well documented yet. Contrast that with: http://www.obfuscation.org/ipf/ I don't have any experience with IPtables and don't plan too, so I'm just going on what I've read, so take it for what it's worth. Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01012512572503.25766>