Date: Sat, 15 Sep 2001 14:03:13 +0300 From: Giorgos Keramidas <charon@labs.gr> To: Jason Anthony Mifsud <jamifsud@superrpg.com> Cc: chat@FreeBSD.ORG Subject: Re: ipfw and ipf and pf Message-ID: <20010915140313.A45993@hades.hell.gr> In-Reply-To: <20010914232949.A45136@FATE>; from jamifsud@superrpg.com on Fri, Sep 14, 2001 at 11:29:49PM -0400 References: <20010914232949.A45136@FATE>
next in thread | previous in thread | raw e-mail | index | archive | help
Jason Anthony Mifsud <jamifsud@superrpg.com> wrote:
> Hey all
>
> I have ipfw running right now with no rules and have considered learning it,
> but I figured that ipf or pf is probably the way to go because they're more
> robust.
You seem to be prejudiced on this matter.
Why are you saying that ipf or pf[1] is more robust?
> Any suggestions comments?
>
> I've already read a breif tutorial on ipfw but I'd rather jump into the pro
> stuff if I can :)
Both ipf and ipfw can be a descent firewall. They have similar features, and
what can be done in one of them, is also possible with the other for more or
Less all their features. There is on thing that I know ipfw does, which ipf
cannot handle, and that it 'pipes'; a means of bandwidth-limiting.
Most people who choose the one over the other, do so for simple reasons
though. Among the most frequent ones are:
a) I like (ipf|ipfw) language better.
b) I like ipf because it works on other Unixes too.
c) I like ipfw because I use pipes all the time.
Really, the choise is yours. I'd say, study them both, and choose what fits
yours needs better.
-giorgos
[1] There is `pf' in FreeBSD. This is an OpenBSD packet filter.
I dont know how it works, so I'm not commenting on it.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010915140313.A45993>