ipfw vs. ipf on a freebsd router

Giorgos Keramidas keramida at ceid.upatras.gr
Wed Oct 18 15:25:30 UTC 2006


On 2006-10-18 15:10, John Levine <johnl at iecc.com> wrote:
> I'm putting together a FreeBSD router to sit between my LAN and a T1.
> The current router (still running BSD/OS) uses BSDI's ipfw, but that
> died when BSDI did.  It's about as simple a routing job as one could
> ask, a T1 with a static address to a LAN with a static /24.
> 
> I have a whole bunch of packet filtering rules on the current router
> to keep out nasty stuff based partly on port numbers but also a couple
> of hundred IP ranges from the SBL and elsewhere.  I have enough IP
> addresses that I do not need to NAT.
> 
> What are the relative merits of FreeBSD's ipf and ipfw?  It looks like
> either can do the filtering I need to do.  Any reason to choose one
> over the other?

For what it's worth, IPFW is also available on FreeBSD.

I don't know how different the BSDi version of IPFW was, but it may be
easier to use FreeBSD's IPFW -- at least at first.

If reducing the pain of a transition from BSD/OS to FreeBSD is a worthy
goal, I would recommend IPFW :)

> While I'm at it, should I turn on netgraph or just use the regular
> network stuff?

Not necessarily.  Do you really need it?



More information about the freebsd-questions mailing list