Date: Wed, 20 Jul 2005 14:45:18 +0200 From: Jeremie Le Hen <jeremie@le-hen.org> To: =?iso-8859-1?Q?K=F6vesd=E1n_G=E1bor?= <gabor.kovesdan@t-hosting.hu> Cc: freebsd-ipfw@freebsd.org, Roger Grosswiler <roger@gwch.net> Subject: Re: Most wanted packet filter Message-ID: <20050720124518.GV39292@obiwan.tataz.chchile.org> In-Reply-To: <42DE4444.7030904@t-hosting.hu> References: <38301.62.2.21.164.1121862149.squirrel@www.gwch.net> <42DE4444.7030904@t-hosting.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Roger, hi Kövesdán, > > i would like to know, which "firewall" is most wanted under freebsd. is it > > ipfw or is it ipf? > > > > i imagine, both have their advantages, but i would like to try first the > > most used because of support - poor rookie, i :-D > > Don't forget about the third one, called pf. ;) > It's a hard question. What does matter is which of them is best the *for > You*. As for me I use ipf and ipfw together. I think ipf is very easy to > configure but ipfw has more sophisticated features, for instance it can > be used for bandwith controlling via dummynet facility. As for pf, I > don't know it. pf's syntax is derived from ipf's one. It has number of powerful features that don't exist in either ipf or ipfw. By the way, I think (but not sure about it) that now pf feature are a kind of superset of ipf's ones. In particular, the ALTQ framework (traffic shapping and scheduling) is tightly bound to pf. I would say that the main advantage of ipf over the two others is its portability, since it has been ported to numerous platforms, from BSD to AIX, as well as Solaris, Linux and so on. pf only exists on FreeBSD since RELENG_5, FreeBSD 4.x ``only'' has ipf and ipfw. With ipfw, it is very easy to add or remove rules from command line, whereas ipf and pf require a configuration file (ipfw is also configurable through a file, of course). Its syntax is felt intuitive by number of people. This is ithe only firewall to be bound to Dummynet. It is regularly improved with new features (for instance it is now able to use ALTQ), and a number of other features lives in the PR [1]. Regards, [1] http://www.freebsd.org/cgi/query-pr-summary.cgi -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050720124518.GV39292>