ipfw vs. ipf on a freebsd router
John Levine
johnl at iecc.com
Wed Oct 18 15:11:44 UTC 2006

I'm putting together a freebsd router to sit between my LAN and a T1.
The current router (still running BSD/OS) uses BSDI's ipfw, but that
died when BSDI did. It's about as simple a routing job as one could
ask, a T1 with a static address to a LAN with a static /24.

I have a whole bunch of packet filtering rules on the current router
to keep out nasty stuff based partly on port numbers but also a couple
of hundred IP ranges from the SBL and elsewhere. I have enough IP
addresses that I do not need to NAT.

What are the relative merits of freebsd's ipf and ipfw? It looks like
either can do the filtering I need to do. Any reason to choose one
over the other?

While I'm at it, should I turn on netgraph or just use the regular
network stuff?

R's,
John