Re: ipf vs. ipfw

From: Darren Reed (avalon_at_cairo.anu.edu.au)
Date: 05/08/02

    Date: Wed, 08 May 2002 19:16:13 +1000 (Australia/NSW)
    To: dwbear75@gmail.com
    
    

    In some mail from Baldur Gislason, sie said:
    >
    > ipfw is in no way related to the Linux firewalls (ipfwadm, ipchains or
    > iptables). It is a specially designed firewall for FreeBSD. It isn't
    > dependent on ipf, it has its own in-kernel mechanism. It has a totally
    > different syntax. Why FreeBSD has both I can't answer, ipfw and ipf each have
    > their own advantages over each other. In my experience, ipfw is easier to
    > work with, but it's also limited in some ways. Ipf tends to have a more
    > complex ruleset, and more stateful functionality (ipfw can do stateful
    > filtering but ipf has more customisable state keeping rules IIRC), however
    > ipfw does have the ability to apply rules by uid's if you're doing a firewall
    > for the local machine, and it does have a packet/byte counter for each
    > individual rule. I'm not sure how this is with ipf as I haven't used it as
    > much as I have used ipfw.

    ipf has a completely separate set of rules you can use for accounting and
    is minus any OS-specific hacks (such as uid filtering).

    ipfw does share its roots with the Linux ipfw, but Linux long ago dropped
    its one and the FreeBSD one is now much different.

    ipf used to be more "leading edge" than any of the others and hence offered
    more features and a bigger coolness factor but I've been slack for the last
    year or two on that front.

    To Unsubscribe: send mail to majordomo@FreeBSD.org
    with "unsubscribe freebsd-security" in the body of the message
