IPFW or pf?

[Andreas Davour]

On Tue, 15 Mar 2005, Lowell Gilbert wrote:

> Andreas Davour <ante at Update.UU.SE> writes:
>
>> I have read the handbook about firewalls, and compiled my kernel
>> without switching on any explicit support for pf.
>>
>> Now, when I ran the mergemaster it suddenly found a lot of references
>> to pf in my startup scripts.
>
> The startup scripts support pf, but do not require it.

Ok, That's a relief. I didn't do anything stupid.

>> Is pf some kind of mandatory part of the base system these days? I
>> thought it was some kind of alternative to IPFW, but now I'm no longer
>> so sure.
>
> It is a part of the base system.  It is always present just like ipfw,
> but its use is not required.

So, the base systems ships with two firewalls? Why? Reading about 
firewalls in the handbook, I realized I didn't know much about them. I'd 
say that adding some more text to the handbook about those two and how 
they [don't] interact might be a good idea. I don't know enough to do 
it.

>> Can someone tell me if it's ok to just use IPFW on my STABLE system,
>> or is there some other knobs in the kernelconfig I should toggle to
>> turn off pf support?
>
> You are fine the way you are.  I recommend letting mergemaster update
> the default pf startup files, so that it won't ask about them next
> time, but it doesn't really matter if you're not using pf.

Will do.

Thanks for the help!

/Andreas

-- 
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?