LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] ipfw vs ipchains vs iptables

[ILUG] ipfw vs ipchains vs iptables

Paul Jakma paulj at alphyra.ie
Mon Jul 29 18:17:12 IST 2002 

On Mon, 29 Jul 2002, Philip Reynolds wrote:

> 2. Intuitive syntax
> 
> ipfw's syntax is very intuitive, at least compared to ipchains,
> where rules look like a bunch of garble without consulting the
> manpage for 50% of the switches. To someone with a decent working
> knowledge of networking and firewalls, it's fairly easy to see
> what's happening when given a list of ipfw rules, unlike ipchains.

true.

however, there are quite a few setup scripts available for 
ipchains/iptables, which can make config just as easy as ipfw.

> 3. Other functions
> ipfw has other functions that you might want, including traffic
> shaping using dummynet and filtering by UID/GID. Something to think
> about for those esoteric needs.

iptables has these too.

> utter bitch to get advanced stateful connections working correctly
> with NAT (that's using the divert option). PPP's rendition of nat
> seems to work fine with it, but it seems to want workarounds and
> hacks to work properly with it's ``divert'' option with the
> out-of-the-box supplied NAT.

works fine with iptables.

> rendition of Linux's firewall, however I would question running
> anything as immature as it in mission-critical situations.

isnt the ipfw code in BSD brand-new aswell? (the old code was 
rewritten for OpenBSD recently due to licensing concerns).

the above is a bit FUD'ish.

> Phil.

they're all much of a muchness really. probably best thing is:

- if you're more comfortable with BSD -> ipfw

- ditto for linux -> iptables

--paulj

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell