From owner-freebsd-security Wed Mar 7 16:11:37 2001 Delivered-To: freebsd-security@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id 96EFD37B719 for ; Wed, 7 Mar 2001 16:11:34 -0800 (PST) (envelope-from fpscha@ns1.via-net-works.net.ar) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id VAA05148; Wed, 7 Mar 2001 21:11:31 -0300 (ART) From: Fernando Schapachnik Message-Id: <200103080011.VAA05148@ns1.via-net-works.net.ar> Subject: Re: ipfw or ipf? In-Reply-To: <20010307190222.A72795@rtfm.net> "from Nathan Dorfman at Mar 7, 2001 07:02:22 pm" To: Nathan Dorfman Date: Wed, 7 Mar 2001 21:11:31 -0300 (ART) Cc: freebsd-security@FreeBSD.ORG Reply-To: Fernando Schapachnik X-Mailer: ELM [version 2.4ME+ PL82 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=ISO-8859-1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org En un mensaje anterior, Nathan Dorfman escribió: > Hi all, > > What should I know before deciding on one of ipf or IPFW for > a -stable machine protecting a small network? > > >From what I recall, ipf had a few advantages like kernel-space > NAT, keeping TCP state, and portability. What does IPFW do > better than ipf? Are there any gross downsides to either? On the other hand ipfw can do traffic shaping. On FreeBSD you can build an "invisible" firewall with ipfw doing bridging. AFAIK, you can't do that with FreeBSD+ipf, althought is possible with OpenBSD+ipf. I have both on a very high concept. Good luck! Fernando P. Schapachnik Administración de la red VIA NET.WORKS ARGENTINA S.A. fschapachnik@vianetworks.com.ar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message