Date:      Mon, 26 Aug 2002 16:02:24 +0200
From:      "Patrick O'Reilly" <bsd@perimeter.co.za>
To:        "bill" <bill@TechServSys.com>, freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw, ipfilter
Message-ID:  <003a01c24d09$376c6410$b50d030a@PATRICK>
References:  <3D69FA1B.3306.14CD15AE@localhost>

From: "bill" <bill@TechServSys.com>


> I am used to using ipfilter, but note in rc.conf ipfw is enabled.  Is this a
> different firewall, or something different ?

Different Packet-Filtering Firewall.

> Do I need to do anything to enable ipfilter besides override the ipfilter entry in
> /etc/defaults/rc.conf in /etc/rc.conf  and write the ipfilter rules ?

No - I don't think you need to do any more than you have said.

> Should I, do I need to disable ipfw ?

No, though you probably want to choose one or the other, unless you are
a belt&braces kind of guy :)  It is worth noting that ipf and ipfw each
have their own advantages.

ipf uses ipnat for NAT.  ipnat runs in the kernel, and so provides
superior performance.
ipfw uses natd for NAT.  natd is a daemon running in userland, and so is
not as fast as ipnat.
Of course, this performance difference is probably only of concern if
your gateway is really heavily loaded.

ipfw has a traffic-shaping capability, which (AFAIK) ipf does not have.
See DUMMYNET if you want to know more.

> Please take my ignorance with kindness and point out anything I have
> forgotten to ask about.

Regards,
Patrick O'Reilly.
    ___        _            __
   / _ )__ __ (_)_ __ ___ _/ /____ __
  / __/ -_) _) /  ~  ) -_), ,-/ -_) _)
 /_/  \__/_//_/_/~/_/\__/ \__/\__/_/
    http://www.perimeter.co.za
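
Added example, not part of the original message: a small sh check for the situation discussed in this thread, reporting which packet filters end up enabled once /etc/rc.conf overrides /etc/defaults/rc.conf. It relies on the rc.conf knobs firewall_enable (ipfw) and ipfilter_enable (ipf); the function names and file contents are constructed for illustration, and matching only "YES" is a simplifying assumption.

```shell
#!/bin/sh
# Added example: which packet filters would an rc.conf pair enable?
# firewall_enable controls ipfw, ipfilter_enable controls ipf.

# Print the effective value of knob $1 after reading defaults file $2 and
# then override file $3 (paths must contain a slash). Both files are sourced
# as shell in a subshell, so a later assignment wins, as with rc.conf.
effective_knob() {
    (
        . "$2"
        if [ -r "$3" ]; then . "$3"; fi
        eval "printf '%s' \"\${$1:-NO}\""
    )
}

# Assumption: only YES (any case) counts as enabled.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the enabled filters: "ipfw", "ipf", "ipfw ipf" or "none".
active_filters() {
    out=""
    if is_yes "$(effective_knob firewall_enable "$1" "$2")"; then out="ipfw"; fi
    if is_yes "$(effective_knob ipfilter_enable "$1" "$2")"; then out="${out:+$out }ipf"; fi
    printf '%s\n' "${out:-none}"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample files standing in for the defaults and the override.
    printf 'firewall_enable="YES"\nipfilter_enable="NO"\n' > "$dir/defaults"
    printf 'ipfilter_enable="YES"\n' > "$dir/override"
    active_filters "$dir/defaults" "$dir/override"   # both filters enabled
    # Overriding the ipfw knob as well leaves a single filter active.
    printf 'firewall_enable="NO"\n' >> "$dir/override"
    active_filters "$dir/defaults" "$dir/override"
    rm -rf "$dir"
}
demo
```

Because the files are sourced as shell, just as the rc scripts read them, point this only at configuration files you trust.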






