From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jul 20 15:13:30 2005
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@FreeBSD.ORG
Delivered-To: freebsd-ipfw@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B3E0116A41F
	for <freebsd-ipfw@FreeBSD.ORG>; Wed, 20 Jul 2005 15:13:30 +0000 (GMT)
	(envelope-from olli@lurza.secnetix.de)
Received: from lurza.secnetix.de (lurza.secnetix.de [83.120.8.8])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D76CC43D46
	for <freebsd-ipfw@FreeBSD.ORG>; Wed, 20 Jul 2005 15:13:27 +0000 (GMT)
	(envelope-from olli@lurza.secnetix.de)
Received: from lurza.secnetix.de (shkjof@localhost [127.0.0.1])
	by lurza.secnetix.de (8.13.1/8.13.1) with ESMTP id j6KFDObI043526
	for <freebsd-ipfw@FreeBSD.ORG>; Wed, 20 Jul 2005 17:13:25 +0200 (CEST)
	(envelope-from oliver.fromme@secnetix.de)
Received: (from olli@localhost)
	by lurza.secnetix.de (8.13.1/8.13.1/Submit) id j6KFDO4M043525;
	Wed, 20 Jul 2005 17:13:24 +0200 (CEST) (envelope-from olli)
Date: Wed, 20 Jul 2005 17:13:24 +0200 (CEST)
Message-Id: <200507201513.j6KFDO4M043525@lurza.secnetix.de>
From: Oliver Fromme <olli@lurza.secnetix.de>
To: freebsd-ipfw@FreeBSD.ORG
In-Reply-To: <38301.62.2.21.164.1121862149.squirrel@www.gwch.net>
X-Newsgroups: list.freebsd-ipfw
User-Agent: tin/1.5.4-20000523 ("1959") (UNIX) (FreeBSD/4.11-RELEASE (i386))
Cc: 
Subject: Re: Most wanted packet filter
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: freebsd-ipfw@FreeBSD.ORG
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jul 2005 15:13:30 -0000

Roger Grosswiler <roger@gwch.net> wrote:
 > [ipfw vs. ipf vs. pf]

In addition to the other replies, it is worth mentioning
that ipf (ipfilter) does not work reliably on SMP machines
under FreeBSD 5.x and 6.x (but 4.x should be fine), causing
random crashes when there is load.

Apparently this isn't going to change soon, because it is
a basic incompatibility between ipf and FreeBSD 5's SMP
which cannot easily be fixed.

Therefore I would recommend not to use ipf, unless you
don't need SMP and you're sure that you won't need it in
the foreseeable future.  Since pf is nearly a superset of
ipf with similar syntax and improved features, I recommend
to use pf instead.  Or ipfw, of course.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co KG, Marktplatz 29, 85567 Grafing
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"That's what I love about GUIs: They make simple tasks easier,
and complex tasks impossible."
        -- John William Chambless