From owner-freebsd-questions Thu Jan 25 9:55:19 2001 Delivered-To: freebsd-questions@freebsd.org Received: from changeofhabit.mr.itd.umich.edu (changeofhabit.mr.itd.umich.edu [141.211.144.17]) by hub.freebsd.org (Postfix) with ESMTP id 8CF4137B6A0 for ; Thu, 25 Jan 2001 09:55:02 -0800 (PST) Received: from tim.elnsng1.mi.home.com (c1129767-a.elnsng1.mi.home.com [24.183.248.20]) by changeofhabit.mr.itd.umich.edu (8.9.3/3.2r) with SMTP id MAA19977; Thu, 25 Jan 2001 12:54:56 -0500 (EST) From: Tim McMillen To: Danny Pansters , =?iso-8859-1?q?Jes=FAs=20Arn=E1iz?= Subject: Re: ipf Date: Thu, 25 Jan 2001 12:57:25 -0500 X-Mailer: KMail [version 1.1.99] Content-Type: text/plain; charset="iso-8859-1" Cc: freebsd-questions@FreeBSD.ORG References: <014d01c086be$a201a960$4200a8c0@jesus> <01012517111503.17676@ricin.localnet> In-Reply-To: <01012517111503.17676@ricin.localnet> MIME-Version: 1.0 Message-Id: <01012512572503.25766@tim.elnsng1.mi.home.com> Content-Transfer-Encoding: 8bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thursday January 25, 2001 11:11, Danny Pansters wrote: > > Is there any application similar to ipf in linux? (one that uses > > the same sintaxis not as ip-chains) > > The new 2.4 kernel has someting called iptables. I've read that it > supports stateful inspection like ipf. There was a discussion on > www.slashdot.org last Monday Januari 22 about it. Many people said > ipf "did all that years ago", but i don't use Debian any more so I > haven't tried it myself. > > > and, what are the advantages using one or other? > > ipf is likely more stable and better documented at this time. > Plus the easy syntax is hard to beat. Yes the general conclusion of the slashdot war was that ipf still has much better syntax. It is very complicated to do many things in iptables that it is simpler to do in ipf. There may be examples the other way around, but the general idea was there wasn't many. The attitude was yeah, well, we use Linux and at least now we *have* a stateful firewalling utility. It's pretty new so I would guess it to not be too bug free yet, and I would also think it is not terribly well documented yet. Contrast that with: http://www.obfuscation.org/ipf/ I don't have any experience with IPtables and don't plan too, so I'm just going on what I've read, so take it for what it's worth. Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message