Lowell Gilbert freebsd-questions-local at be-well.ilk.org
Mon Oct 30 14:51:38 UTC 2006

"Andy Greenwood" <greenwood.andy at gmail.com> top-posted:

> On 10/28/06, David Schulz <davidschulz at tca-cable-connector.com> wrote:
>> Hi all,
>> IPFW seems to be the same IPFW that is used on MacOSX, so it seems to
>> make sense to learn and lean on IPFW when using in a mixed Machine
>> Environment. On the other side, many People seem to say PF is easier
>> to manage once a setup gets complicated. As usual, both sides have
>> their own valid points. My question though is not whether any of the
>> two , IPFW of PF is better then the other, but which of the two do
>> you use, and why?

> PF, for two reasons. Firstly, because I don't have to mess with
> arbitrary rule numbers; I can just scroll down the page and know that
> rules will be executed in that order. Secondly becuase I can easily
> integrate bruteforceblocker.

Wow.  I can see some advantages either way, but I can't see any
differences on those grounds.  After all, rule numbers *aren't*
required in ipfw (even the example script doesn't use them).  And
bruteblock works with ipfw in *very* much the same way that
bruteforceblock does with pf.

More information about the freebsd-questions mailing list