Date: Fri, 18 Aug 2000 14:12:56 -0400
From: Peter Radcliffe <pir@pir.net>
To: freebsd-stable@FreeBSD.ORG
Subject: Re: ipfilter v. ipfw
Message-ID: <20000818141256.A29131@pir.net>
In-Reply-To: <Pine.BSF.4.21.0008181054250.90214-100000@harlie.bfd.com>; from ejs@bfd.com on Fri, Aug 18, 2000 at 11:04:58AM -0700
References: <000f01c00939$0dd7b480$b8209fc0@marlowe> <Pine.BSF.4.21.0008181054250.90214-100000@harlie.bfd.com>

"Eric J. Schwertfeger" <ejs@bfd.com> probably said:
> I've got firewalls in place with each kind. Personally, I find ipfw more
> flexible, especially now that it can track states. ipfw works on a first
> match engine, ipfilter works on a last match engine (I don't know why, it
> just means more work for the engine), though you can include an option to
> each rule to make it act first match.

I found ipfw far too limiting, state tracking or otherwise. I do use
keep state in ipfilter quite happily.

It also has a side advantage of being platform independent - I can use
the same rule files on my FreeBSD boxes and my Solaris boxes.

P.

--
pir                  pir@pir.net                    pir@net.tufts.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000818141256.A29131>
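
The first-match versus last-match difference discussed in the thread, as an added example that is not part of either poster's message: a simplified evaluator showing that one rule list gives different verdicts under the two engines, which is the thing to check when moving a ruleset between ipfw and ipfilter. The `Rule` model (protocol and destination port only), the function names and the sample rules are constructed for illustration; `quick` is ipfilter's keyword for the per-rule option the quoted text mentions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    proto: Optional[str] = None  # None matches any protocol
    port: Optional[int] = None   # None matches any destination port
    quick: bool = False          # per-rule "stop here" option (last-match engine only)

    def matches(self, proto, port):
        return self.proto in (None, proto) and self.port in (None, port)

def first_match(rules, proto, port, default="block"):
    """The first matching rule decides; later rules are never consulted."""
    for r in rules:
        if r.matches(proto, port):
            return r.action
    return default

def last_match(rules, proto, port, default="block"):
    """All rules are scanned; the last match decides unless a matching rule is quick."""
    verdict = default
    for r in rules:
        if r.matches(proto, port):
            verdict = r.action
            if r.quick:
                break
    return verdict

# Constructed ruleset in first-match order: specific allow, then catch-all deny.
FIRST_MATCH_ORDER = [Rule("pass", "tcp", 22), Rule("block")]
# The same policy for a last-match engine: catch-all first, exceptions after.
LAST_MATCH_ORDER = [Rule("block"), Rule("pass", "tcp", 22)]
# Or keep the original order and mark every rule quick.
QUICK_ORDER = [Rule("pass", "tcp", 22, quick=True), Rule("block", quick=True)]

def audit(rules, packets):
    """Return the packets on which the two engines disagree for one rule list."""
    return [p for p in packets if first_match(rules, *p) != last_match(rules, *p)]

if __name__ == "__main__":
    packets = [("tcp", 22), ("tcp", 80), ("udp", 53)]  # constructed test packets
    print(audit(FIRST_MATCH_ORDER, packets))  # engines disagree on tcp/22
    print(audit(QUICK_ORDER, packets))        # no disagreement
```

Running `audit` over a ported ruleset with a representative packet list flags every flow whose verdict silently changed with the engine.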