From owner-freebsd-questions Mon Aug 5 5:54:48 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 37F8737B400 for ; Mon, 5 Aug 2002 05:54:46 -0700 (PDT) Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by mx1.FreeBSD.org (Postfix) with ESMTP id B4FDD43E3B for ; Mon, 5 Aug 2002 05:54:44 -0700 (PDT) (envelope-from fgleiser@cactus.fi.uba.ar) Received: from localhost (localhost [127.0.0.1]) by cactus.fi.uba.ar (8.11.6/8.11.6) with ESMTP id g75CqN142692; Mon, 5 Aug 2002 09:52:24 -0300 (ART) (envelope-from fgleiser@cactus.fi.uba.ar) Date: Mon, 5 Aug 2002 09:52:23 -0300 (ART) From: Fernando Gleiser X-X-Sender: To: Josh Paetzel Cc: "Freebsd-Questions (E-mail)" Subject: Re: Which provides a better firewall (ipfw or ipf) In-Reply-To: <20011128113013.B550@twincat.vladsempire.net> Message-ID: <20020805095049.J6656-100000@localhost> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 28 Nov 2001, Josh Paetzel wrote: > > #2 ipfw uses a first match wins ruleset, whereas ipf is a last match > wins setup. This can cause the ruleset to get quite bulky > and hard to follow especially if it is a longish ruleset, as > you end up using a lot of quick rules to keep common packets > from going through every rule in the list. ipf can be first-match also. Take a look at the 'quick' keyword. Fer > > Hope that helps you make an informed decision. > > Josh > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message