In reply to Enda's flatulent wordings,
> Depends on the features you're looking for, each offers something new, e.g.
> if you want a solid NAT, then iptables, no NAT, then I'd use sinus for
> its configurator and robustness.
I think IPF, IPFW, Iptables and PF are the cream of the crop of open
source firewalls ATM. I haven't tried PF but since it's a replacement
for IPF I imagine that everything but stability, maturity and efficiency
would be quite similar.

In order of preference:

If you're talking general firewalling (including stateful firewalling):
  IPF (stable, efficient, good ruleset configuration)
  No real difference between iptables and ipfw

If you're talking NAT:
  IPF (very mature and stable)
  Iptables (decent but not as stable and prone to cock up for things such as changing IPs)
  IPFW (inefficiently uses userspace daemon for kernel -> user space -> kernel copies of NATed packets, many many times slower than above two)

If you're talking fancy features:
  Iptables and IPFW, both can be used to do traffic shaping, filtering by UID/GID and so on
  IPF has a plugin system to do so but ATM I haven't seen many plugins to do such things