ipfw vs ipfilter

McLone the Great mclone at gmail.com
Sat Dec 11 09:27:54 PST 2004


On Sat, 11 Dec 2004 19:22:28 +0300, Castl Troy <mastah at phreaker.net> wrote:
> Is it normal behavior to have a rule like "pass ip from any to any" in
> ipfw, and do the main firewalling in ipfilter?
You can just disable ipfw or kldunload the module - NAT in ipnat is implemented
better, imo; natd is a bitch to debug...
> why && when you/me/other need to choose ipfilter instead of ipfirewall?
You should dig through some OpenBSD mail archives from the time when they
switched from ipf to pf. That'll clear things up about stability, reliability
and speed.
> You say you use PF, i will read info on it.
pf is self-sufficient; I migrated from linux ipfw > linux ipchains >
fbsd ipfw (not too long) > ipf > pf (on all BSDs).

And, ALTQ/spamd/authpf [in PF] is a must.

-- 
wbr,                        |\      _,,,---,,_           dog bless ya!
`                       Zzz /,`.-'`'    -.  ;-;;,_
McLone at GMail dot com    |,4-  ) )-,_. ,\ (  `'-'
  net- and *BSD admin     '---''(_/--'  `-'\_)   ...sorry for translit

