Firewalls

[Bruce Cran]

Doug Hardie wrote:
> FreeBSD supports 3 firewalls:  IPF, IPFW, and PF.  Some time ago 
> (perhaps years) I seem to recall some discussion that one or more of 
> those was better maintained and higher quality than the others.  I don't 
> see any indications of this in the handbook.  Several years ago I needed 
> to do traffic shaping and used IPFW with dummynet.  It worked but the 
> need eventually went away.  More recently I needed to incorporate spamd 
> which defaults to PF so I used that.  However, now I am back to needing 
> traffic shaping again.  I suspect trying to use both PF and IPFW 
> simultaneously will not be a good approach.  In addition, there now are 
> instructions for using spamd with IPFW so it appears that either PF or 
> IPFW will do what I need.  Is there any additional information available 
> to assist in selecting between those?  Thanks.

As I understand it pf is often found to be easiest to use and has lots 
of features like altq and os fingerprinting but is quite a bit slower 
than ipfw.

-- 
Bruce