Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 25 Jan 2001 12:57:25 -0500
From:      Tim McMillen <timcm@umich.edu>
To:        Danny Pansters <danny@ricin.com>, =?iso-8859-1?q?Jes=FAs=20Arn=E1iz?= <arnaiz@encomix.es>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipf
Message-ID:  <01012512572503.25766@tim.elnsng1.mi.home.com>
In-Reply-To: <01012517111503.17676@ricin.localnet>
References:  <014d01c086be$a201a960$4200a8c0@jesus> <01012517111503.17676@ricin.localnet>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday January 25, 2001 11:11, Danny Pansters wrote:
> > Is there any application similar to ipf in linux? (one that uses
> > the same sintaxis not as ip-chains)
>
> The new 2.4 kernel has someting called iptables. I've read that it
> supports stateful inspection like ipf. There was a discussion on
> www.slashdot.org last Monday Januari 22 about it. Many people said
> ipf "did all that years ago", but i don't use Debian any more so I
> haven't tried it myself.
>
> > and, what are the advantages using one or other?
>
> ipf is likely more stable and better documented at this time.
> Plus the easy syntax is hard to beat.

Yes the general conclusion of the slashdot war was that ipf still has 
much better syntax.  It is very complicated to do many things in 
iptables that it is simpler to do in ipf.
	There may be examples the other way around, but the general idea was 
there wasn't many.  The attitude was yeah, well, we use Linux and at 
least now we *have* a stateful firewalling utility.
	It's pretty new so I would guess it to not be too bug free yet, and I 
would also think it is not terribly well documented yet.  Contrast that 
with:
http://www.obfuscation.org/ipf/
	I don't have any experience with IPtables and don't plan too, so I'm 
just going on what I've read, so take it for what it's worth.

						Tim


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01012512572503.25766>