Firewalls
Zane C.B.
v.velox at vvelox.net
Sat May 3 00:25:14 UTC 2008
On Mon, 28 Apr 2008 20:50:06 +0100
Bruce Cran <bruce at cran.org.uk> wrote:
> Doug Hardie wrote:
> > FreeBSD supports 3 firewalls: IPF, IPFW, and PF. Some time ago
> > (perhaps years) I seem to recall some discussion that one or more
> > of those was better maintained and higher quality than the
> > others. I don't see any indications of this in the handbook.
> > Several years ago I needed to do traffic shaping and used IPFW
> > with dummynet. It worked but the need eventually went away.
> > More recently I needed to incorporate spamd which defaults to PF
> > so I used that. However, now I am back to needing traffic
> > shaping again. I suspect trying to use both PF and IPFW
> > simultaneously will not be a good approach. In addition, there
> > now are instructions for using spamd with IPFW so it appears that
> > either PF or IPFW will do what I need. Is there any additional
> > information available to assist in selecting between those?
> > Thanks.
>
> As I understand it pf is often found to be easiest to use and has
> lots of features like altq and os fingerprinting but is quite a bit
> slower than ipfw.
There is one thing that IPFW has that PF does not that I have found
to be very handy at times. It can be used to setup firewall rules
that only affect a specific group or user.
More information about the freebsd-questions
mailing list