ipfw vs ipfilter
McLone the Great
mclone at gmail.com
Sat Dec 11 09:27:00 PST 2004
On Sat, 11 Dec 2004 17:22:38 +0300, Castl Troy <mastah at phreaker.net> wrote:
> Can anybody help me with understanding the difference between
> ipfilter(ipf) and ipfirewall (ipfw).
the main differences is [imho]
- ipf is last-match, ipfw is first-match filters
- ipf runs on many unices, ipfw is FreeBSD project
by last match i mean packet goes thru _all_ rules, and not exits
processing chain after first successfull rule match like in
ipchains/iptables
> Any link to docs or info will greatly help me.
obfuscation.org/ipf/
> I use FreeBSD for almost 5 years, but i used only ipfw for packet
> routing and never use ipfilter for this.
routing is done by kernel, not filter btw.
> I wonder is it "internal" packet routing mechanism or maybe it is
> just for compatibility with OpenBSD?
as of 3.0 OpenBSD switched from ipf to PF (which i use on FreeBSD). Read
openbsd.org/faq/pf/ - it's powerfull!
--
wbr, |\ _,,,---,,_ dog bless ya!
` Zzz /,`.-'`' -. ;-;;,_
McLone at GMail dot com |,4- ) )-,_. ,\ ( `'-'
net- and *BSD admin '---''(_/--' `-'\_) ...sorry for translit
More information about the freebsd-pf
mailing list