LINUX.IE, website of the Irish Linux Users' Group

[ILUG] ipfw vs ipchains vs iptables

Nick Hilliard nick-lists at netability.ie
Tue Jul 30 00:11:51 IST 2002


[warning: veering further off topic]

Philip Reynolds wrote:
> Paul Jakma's [paul at clubi.ie] 67 lines of wisdom included:
>>i thought the firewalling code on all the BSDs was fairly related -
>>sorry. So FreeBSD's ipfw is not encumbered in the same way the old
>>OBSD firewalling was?

ipfw was written specifically for FreeBSD under a BSD license by Luigi
Rizzo, who's one of the FreeBSD whizzes.  All three of the BSDs
packaged IPFilter, which has been around for donkey's years and which has
a slightly different feature set to ipfw.

However, last year the author of IPFilter (Darren Reed) changed the
license on development branches of ipfilter to prohibit redistribution,
although official releases would still be kept under the old license. 
This policy got up the nose of Theo de Raadt (lots of things do, which
is why OpenBSD exists in the first place), so OpenBSD re-invented the
wheel and called their firewall "pf", under a full-time BSD license.   

The standard release versions of ipfilter are unencumbered, as always.

> Nope, indeed IPFW2 has just been rolled out into -STABLE. (-STABLE
> is a stable branch of the code that has been rolled into -CURRENT
> first. It's basically a major release, that's still a work in
> progress)

I'm not so sure that ipfw2 is really ready for production yet, having
only been mfc'd last Wednesday.  It certainly adds some nice syntactic
sugar, and is apparently much faster for certain types of complex
rulesets.  It will be good once it's had some time to settle down a
little.

>>i've no experience of ipfw. (closest i've come is looking at IPFilter 
>>for IRIX - but it had a problem in that it wasn't maintained 
>>anymore. however, while the englishy syntax is nice, i don't think 
>>iptables command <args> syntax is a big obstacle).

ipfilter is quite nice, and is my current o/s firewall of choice.  It
has some nice features like the ability to save and restore state so
that connections are persistent across reboots, and its logging is
marginally better organised than ipfw's.  It's also very mature code,
which appeals to the rather conservative tastes of my old age.

Nick





