On Mon, 29 Jul 2002, Philip Reynolds wrote:
> 2. Intuitive syntax
> ipfw's syntax is very intuitive, at least compared to ipchains,
> where rules look like a bunch of garble without consulting the
> manpage for 50% of the switches. To someone with a decent working
> knowledge of networking and firewalls, it's fairly easy to see
> what's happening when given a list of ipfw rules, unlike ipchains.
true.
however, there are quite a few setup scripts available for
ipchains/iptables, which can make config just as easy as ipfw.
> 3. Other functions
> ipfw has other functions that you might want, including traffic
> shaping using dummynet and filtering by UID/GID. Something to think
> about for those esoteric needs.
iptables has these too.
> utter bitch to get advanced stateful connections working correctly
> with NAT (that's using the divert option). PPP's rendition of nat
> seems to work fine with it, but it seems to want workarounds and
> hacks to work properly with its ``divert'' option with the
> out-of-the-box supplied NAT.
works fine with iptables.
> rendition of Linux's firewall, however I would question running
> anything as immature as it in mission-critical situations.
isn't the ipfw code in BSD brand-new as well? (the old code was
rewritten for OpenBSD recently due to licensing concerns).
the above is a bit FUD'ish.
> Phil.
they're all much of a muchness really. probably best thing is:
- if you're more comfortable with BSD -> ipfw
- ditto for linux -> iptables
--paulj