Re: ipf vs. ipfw

From: Aragon Gouveia (aragon@phat.za.net)
Date: 05/08/02


From: "Aragon Gouveia" <aragon@phat.za.net>
To: <freebsd-security@freebsd.org>
Date: Wed, 8 May 2002 02:19:48 +0200

Also, ipfw is the interface to FreeBSD's very cool dummynet(4) traffic
shaper.

I haven't used ipf personally. Does it have builtin support for traffic
shaping? Weighted Fair Queueing?

Regards,
Aragon

----- Original Message -----
From: "Baldur Gislason" <baldur@foo.is>
To: "Tom Limoncelli" <tal@lumeta.com>
Cc: <freebsd-security@freebsd.org>; <freebsd-net@freebsd.org>
Sent: Wednesday, May 08, 2002 1:15 AM
Subject: Re: ipf vs. ipfw

> ipfw is in no way related to the linux firewalls (ipfwadm, ipchains or
> iptables). It is a specially designed firewall for FreeBSD. It isn't
> dependent on ipf, it has it's own in-kernel mechanism. It has a totally
> different syntax. Why FreeBSD has both I can't answer, ipfw and ipf each
have
> their own advantages over each other. In my experience, ipfw is easier to
> work with, but it's also limited in some ways. Ipf tends to have a more
> complex ruleset, and more stateful functionality (ipfw can do stateful
> filtering but ipf has more customisable state keeping rules IIRC), however
> ipfw does have the ability to apply rules by uid's if you're doing a
firewall
> for the local machine, and it does have a packet/byte counter for each
> individual rule. I'm not sure how this is with ipf as I haven't used is as
> much as I have used ipfw.
>
> Baldur
>
> On Tuesday 07 May 2002 22:30, you wrote:
> > I use ipf, and recently some people have asked me about ipfw that I
> > couldn't answer. Hopefully people on this list can enlighten me.
> >
> > Are ipf and ipfw different interfaces to the same in-kernel filtering
> > mechanism? It doesn't look like it is, but I'd like that confirmed.
> >
> > Is ipfw related at all to the Linux ipfw? The syntax looks the same,
> > but the man page doesn't mention Linux.
> >
> > Why does FreeBSD have both? Is it because ipf is generic (ported to
> > Solaris, IRIX, OpenBSD, etc) and ipfw is specifically designed for
> > FreeBSD?
> >
> > Thanks in advance!
> > --tal
> >
> > P.S. I'm collecting data here:
> > http://whatexit.org/tal/mywritings/freefilters.html
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages