Date: Tue, 7 May 2002 23:15:17 +0000 From: Baldur Gislason <baldur@foo.is> To: Tom Limoncelli <tal@lumeta.com> Cc: freebsd-security@freebsd.org, freebsd-net@freebsd.org Subject: Re: ipf vs. ipfw Message-ID: <20020507231529.8B55C2744@tesla.foo.is> In-Reply-To: <3CD8558E.2FA68C36@lumeta.com> References: <3CD8558E.2FA68C36@lumeta.com>
next in thread | previous in thread | raw e-mail | index | archive | help
ipfw is in no way related to the linux firewalls (ipfwadm, ipchains or iptables). It is a specially designed firewall for FreeBSD. It isn't dependent on ipf, it has it's own in-kernel mechanism. It has a totally different syntax. Why FreeBSD has both I can't answer, ipfw and ipf each have their own advantages over each other. In my experience, ipfw is easier to work with, but it's also limited in some ways. Ipf tends to have a more complex ruleset, and more stateful functionality (ipfw can do stateful filtering but ipf has more customisable state keeping rules IIRC), however ipfw does have the ability to apply rules by uid's if you're doing a firewall for the local machine, and it does have a packet/byte counter for each individual rule. I'm not sure how this is with ipf as I haven't used is as much as I have used ipfw. Baldur On Tuesday 07 May 2002 22:30, you wrote: > I use ipf, and recently some people have asked me about ipfw that I > couldn't answer. Hopefully people on this list can enlighten me. > > Are ipf and ipfw different interfaces to the same in-kernel filtering > mechanism? It doesn't look like it is, but I'd like that confirmed. > > Is ipfw related at all to the Linux ipfw? The syntax looks the same, > but the man page doesn't mention Linux. > > Why does FreeBSD have both? Is it because ipf is generic (ported to > Solaris, IRIX, OpenBSD, etc) and ipfw is specifically designed for > FreeBSD? > > Thanks in advance! > --tal > > P.S. I'm collecting data here: > http://whatexit.org/tal/mywritings/freefilters.html > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020507231529.8B55C2744>