IPFW and PF

Andrew Pantyukhin infofarmer at FreeBSD.org
Wed Nov 1 06:33:24 UTC 2006


On 10/30/06, Andy Greenwood <greenwood.andy at gmail.com> wrote:
> On 10/30/06, Lowell Gilbert <freebsd-questions-local at be-well.ilk.org> wrote:
> > "Andy Greenwood" <greenwood.andy at gmail.com> top-posted:
> >
> > > On 10/28/06, David Schulz <davidschulz at tca-cable-connector.com> wrote:
> > >> Hi all,
> > >>
> > >> IPFW seems to be the same IPFW that is used on MacOSX, so it seems to
> > >> make sense to learn and lean on IPFW when using in a mixed Machine
> > >> Environment. On the other side, many People seem to say PF is easier
> > >> to manage once a setup gets complicated. As usual, both sides have
> > >> their own valid points. My question though is not whether any of the
> > >> two, IPFW or PF is better than the other, but which of the two do
> > >> you use, and why?
> > >>
> >
> > > PF, for two reasons. Firstly, because I don't have to mess with
> > > arbitrary rule numbers; I can just scroll down the page and know that
> > > rules will be executed in that order. Secondly because I can easily
> > > integrate bruteforceblocker.
> >
> > Wow.  I can see some advantages either way, but I can't see any
> > differences on those grounds.  After all, rule numbers *aren't*
> > required in ipfw (even the example script doesn't use them).  And
> > bruteblock works with ipfw in *very* much the same way that
> > bruteforceblock does with pf.
>
> Sorry, that should've been Altq, not bruteforceblocker.

Altq is also there in ipfw :-)

