From owner-freebsd-security Thu Jul 27 12:50: 8 2000 Delivered-To: freebsd-security@freebsd.org Received: from snafu.adept.org (adsl-63-201-63-44.dsl.snfc21.pacbell.net [63.201.63.44]) by hub.freebsd.org (Postfix) with ESMTP id 19BB937BD63 for ; Thu, 27 Jul 2000 12:50:04 -0700 (PDT) (envelope-from mike@adept.org) Received: by snafu.adept.org (Postfix, from userid 1000) id 4C9799EE01; Thu, 27 Jul 2000 12:49:58 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by snafu.adept.org (Postfix) with ESMTP id 48DF89B001; Thu, 27 Jul 2000 12:49:58 -0700 (PDT) Date: Thu, 27 Jul 2000 12:49:58 -0700 (PDT) From: Mike Hoskins To: Darren Reed Cc: Pavol Adamec , freebsd-security@FreeBSD.ORG Subject: Re: ipf or ipfw (was: log with dynamic firewall rules) In-Reply-To: <200007270800.SAA23526@cairo.anu.edu.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 27 Jul 2000, Darren Reed wrote: > IP Filter 4.0 will change that quite dramatically :-) What's the best place to go see a relatively thorough (unbiased would be nice too) comparison between the two? I.e. some webpage with a column of IPFW 'features' vs. a column of ipf 'features' or examples of rulesets doing the same thing for each showing one is/isn't more efficient... The only real reason I've heard ipf reccomended since ipfw got keep-state/check-state is ipnat. -mrh To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message