IPF, IPFW, or IPFILTER?
Jay Moore
jaymo at cromagnon.cullmail.com
Sun Feb 6 15:58:01 PST 2005
On Wednesday 02 February 2005 12:00 pm, Andy Firman wrote:
> The author of the FreeBSD handboodk prefers IPF (ipfilter) because
> its stateful rules are much less complicated....
> The author of "The Complete BSD" talks about IPFW (ipfirewall)
> only. People on this list talk of PF (packetfilter) quite a bit.
>
> What is the most "commonly used" firewall for a web/email host
> server with a static IP address connected directly to the Internet?
> (protecting itself)
>
> What is the most "commonly used" firewall for a gateway/router/
> network firewall server in front of several other boxes?
> (protecting others and itself)
Andy,
I like pf; I think it's a mature product that is well-maintained by some folks
who seem to know what they're doing. It was "ported" to FreeBSD about a year
ago IIRC. There is a good user's guide available at www.openbsd.org.
A little history: OpenBSD used to use ipf as its firewall. Major, major
friction between the ipf author and OpenBSD proj leader motivated development
of pf. Following post provides some background on this:
http://www.monkey.org/openbsd/archive/misc/0206/msg02365.html
hth,
Jay
More information about the freebsd-questions
mailing list