Date: Sat, 11 Dec 2004 19:27:50 +0200 From: McLone the Great <mclone@gmail.com> To: freebsd-pf@freebsd.org Subject: Re: ipfw vs ipfilter Message-ID: <451cb30104121109271da347ac@mail.gmail.com> In-Reply-To: <451cb3010412110924293082b7@mail.gmail.com> References: <6.2.0.7.1.20041211171714.02128e78@pop.phreaker.net> <451cb3010412110737382bf5d9@mail.gmail.com> <6.2.0.7.1.20041211191640.02134a60@pop.phreaker.net> <451cb3010412110924293082b7@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 11 Dec 2004 19:22:28 +0300, Castl Troy <mastah@phreaker.net> wrote: > Is it normal behavior to have a rule like "pass ip from any to any" in > ipfw, and do the main firewalling in ipfilter? u can just disable ipfw or kldunload module - NAT in ipnat implemented better, imo; natd is a bitch to debug... > why && when you/me/other need to choose ipfilter instead of ipfirewall? you should dig some OpenBSD mail archives, in time when they switched from ipf to pf. That'll clear things about stability, reability and speed. > You say you use PF, i will read info on it. pf is self-suficient; I migrated from linux ipfw > linux ipchains > fbsd ipfw (not too long) > ipf > pf (on all BSDs). And, ALTQ/spamd/authpf [in PF] is a must. -- wbr, |\ _,,,---,,_ dog bless ya! ` Zzz /,`.-'`' -. ;-;;,_ McLone at GMail dot com |,4- ) )-,_. ,\ ( `'-' net- and *BSD admin '---''(_/--' `-'\_) ...sorry for translit
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?451cb30104121109271da347ac>