Date: Sun, 8 Oct 2000 22:43:59 +0200 From: Gerhard Sittig <Gerhard.Sittig@gmx.net> To: freebsd-stable@freebsd.org Subject: Re: ipf vs. ipfw ? Message-ID: <20001008224359.R31338@speedy.gsinet> In-Reply-To: <20001008025913.A29388@intelenet.net>; from matthew@intelenet.net on Sun, Oct 08, 2000 at 02:59:13AM -0700 References: <20001008025913.A29388@intelenet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Oct 08, 2000 at 02:59 -0700, matthew zeier wrote: > > Can anyone tell me the differences between ipf and ipfw ? > Which is "better" ? The fact that you put quotes around the 'better' term shows you are aware that "more appropriate" is the better :) phrasing. There's no anytime-better-tool but maybe one that fits _your_ situation more than another. As I can see (keep in mind neither am I part of the ipf nor the ipfw development) it's like this: - ipfw comes with FreeBSD, has done so for quite some time and is integrated into the startup sequence - ipfw does exist for FreeBSD only (??? I'm not sure of this - it's more of an impression - , but surely this will get corrected in case I'm wrong) - ipfw has learned about stateful inspection recently - ipf comes from different platforms and "by chance" runs on FreeBSD, too (although Darren can comment much better on how much work it is to incorporate it into the network stack) - utilizing ipf in FreeBSD takes some rc files editing by the admin right now, but hopefully this will chance soon (see the conf/20202 PR) - ipf has had stateful inspection right from the start and has been around with this feature for quite some time There are some issues (maybe non-issues) with bridging, portability, etc others are better in commenting at. From my perspective it boils down to: - are you already familiar with one of the languages, do you already use one or the other? i.e. how much work is it for you to use "the other" or is either one the first effort you spend? - does one of them lack a feature you need? (IIRC ipf doesn't cope with the dummy interface you need for load balancing or rate limiting, this could be a reason for you to deny its use right away) Everything else is up to you ... virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001008224359.R31338>