Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 16 Aug 2004 18:25:46 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Stefan Cars <stefan@snowfall.se>
Cc:        questions@freebsd.org
Subject:   Re: ipfw2 or ipfilter
Message-ID:  <20040816172546.GA86466@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20040816184529.Q45254@pluring.snowfall.se>
References:  <20040816184529.Q45254@pluring.snowfall.se>
next in thread | previous in thread | raw e-mail | index | archive | help 

--sdtB3X0nJg68CQEu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Aug 16, 2004 at 06:46:23PM +0200, Stefan Cars wrote:

> I'm looking into if I should go with ipfw2 or ipfilter, anyone that could
> point me to some links or tell me pro's and con's (both feature and
> performance wise).

Unless your running quite a complicated setup or have specific
requirements then there isn't really any preference for one over the
other.  If you're running a typical home system, even with say, a
10Mbit/s cable modem connection, any reasonably modern FreeBSD machine
is going to be able to do firewall filtering without breaking into a
sweat.  You'ld need so quite fancy hardware to detect performance
differences between the two.

Probably the biggest reason to choose one over the other is simple
personal preference between the different rule-set styles.  ipfw is
'first match wins' (hence rule sets tend to be ordered from most to
least specific).  ipfilter is 'last match wins', so the most general
rules tend to go at the top of rulesets -- although there are special
'quick' rules that can shortcut the process.

In general both firewalls have very similar functionality.  ipfw(8)
can act as a filtering bridge and it can provide weighted fair queuing
and bandwidth limited pipes in conjunction with dummynet(4).  ipfilter
seems to have more complete IPv6 support than ip6fw.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--sdtB3X0nJg68CQEu
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (FreeBSD)

iD8DBQFBIO4aiD657aJF7eIRAoC7AJ96jq4DxIi1zfuMofYOFEloLQnGGACcDJ/M
5HXnLV0TowpsJAwp0c6OWFQ=
=nf2F
-----END PGP SIGNATURE-----

--sdtB3X0nJg68CQEu--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040816172546.GA86466>