Date: Sun, 8 Oct 2000 22:43:59 +0200 From: Gerhard Sittig <Gerhard.Sittig@gmx.net> To: freebsd-stable@freebsd.org Subject: Re: ipf vs. ipfw ? Message-ID: <20001008224359.R31338@speedy.gsinet> In-Reply-To: <20001008025913.A29388@intelenet.net>; from matthew@intelenet.net on Sun, Oct 08, 2000 at 02:59:13AM -0700 References: <20001008025913.A29388@intelenet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Oct 08, 2000 at 02:59 -0700, matthew zeier wrote:
>
> Can anyone tell me the differences between ipf and ipfw ?
> Which is "better" ?
The fact that you put quotes around the 'better' term shows you
are aware that "more appropriate" is the better :) phrasing.
There's no anytime-better-tool but maybe one that fits _your_
situation more than another.
As I can see (keep in mind neither am I part of the ipf nor the
ipfw development) it's like this:
- ipfw comes with FreeBSD, has done so for quite some time and is
integrated into the startup sequence
- ipfw does exist for FreeBSD only (??? I'm not sure of this -
it's more of an impression - , but surely this will get
corrected in case I'm wrong)
- ipfw has learned about stateful inspection recently
- ipf comes from different platforms and "by chance" runs on
FreeBSD, too (although Darren can comment much better on how
much work it is to incorporate it into the network stack)
- utilizing ipf in FreeBSD takes some rc files editing by the
admin right now, but hopefully this will chance soon (see the
conf/20202 PR)
- ipf has had stateful inspection right from the start and has
been around with this feature for quite some time
There are some issues (maybe non-issues) with bridging,
portability, etc others are better in commenting at. From my
perspective it boils down to:
- are you already familiar with one of the languages, do you
already use one or the other? i.e. how much work is it for you
to use "the other" or is either one the first effort you spend?
- does one of them lack a feature you need? (IIRC ipf doesn't
cope with the dummy interface you need for load balancing or
rate limiting, this could be a reason for you to deny its use
right away)
Everything else is up to you ...
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001008224359.R31338>