Most wanted packet filter
Oliver Fromme
olli at lurza.secnetix.de
Wed Jul 20 15:13:30 GMT 2005
Roger Grosswiler <roger at gwch.net> wrote:
> [ipfw vs. ipf vs. pf]
In addition to the other replies, it is worth mentioning
that ipf (ipfilter) does not work reliably on SMP machines
under FreeBSD 5.x and 6.x (but 4.x should be fine), causing
random crashes when there is load.
Apparently this isn't going to change soon, because it is
a basic incompatibility between ipf and FreeBSD 5's SMP
which cannot easily be fixed.
Therefore I would recommend not to use ipf, unless you
don't need SMP and you're sure that you won't need it in
the foreseeable future. Since pf is nearly a superset of
ipf with similar syntax and improved features, I recommend
to use pf instead. Or ipfw, of course.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co KG, Marktplatz 29, 85567 Grafing
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
"That's what I love about GUIs: They make simple tasks easier,
and complex tasks impossible."
-- John William Chambless
More information about the freebsd-ipfw
mailing list