[nycbug-talk] ipfw, ipf, pf comparison matrix
Isaac Levy
ike at lesmuug.org
Sat Sep 9 16:15:36 EDT 2006
Hi All,
On Sep 8, 2006, at 1:42 PM, Ray Lai wrote:
> You promised us a link to slides comparing ipfw and pf! Can you
> send it
> to the list? Thanks!
Ray reminded me to post the comparison of ipfw, ipf, and pf to the
talk list- here it is, in ASCII.
Again, with all the love and buzz over PF, it seems clear below why
IPFW is still the 'stock' packet filter in FreeBSD- many esoteric low-
level features, but no packet filter has it all...
Rocket,
.ike
########################################################################
####
BSD Firewalling Options
- comparing IPFW, IPFILTER, and PF -
List originally compiled for BSDCAN 2006, by
Scott Ullrich <sullrich at gmail.com> and Chris Buechler
<cbuechler at gmail.com>
Original Lecture Slides:
http://pfsense.org/bsdcan/
FEATURE IPFW IPFILTER PF
QUEUE DUMMYNET * *
QUEUE ALTQ * *
SKIPTO * *
RULESETS *
CONNECTION FORWARDING * * *
IPTOS *
IPTTL *
IPPOS *
IPVERSION *
LAYER2 MATCHING *
MAC ADDRESS FILTERING *
TABLES *
PROBABILITY (PROB) *
COUNT *
TEE * * *
“ME” SUPPORT * *
IPV6 *
JAIL *
IPSEC *
IPTOS - LOW DELAY * * *
IPTOS - THROUGHPUT * * *
IPTOS - RELIABILITY * * *
IPTOS - MINCOST * *
IPTOS - CONGESTION * * *
UID *
VERREVPATH *
QUICK * *
KEEP STATE * * *
MODULATE STATE *
SYNPROXY STATE *
OVERLOAD SUPPORT *
FINGERPRINT SCANNING *
LIMIT STATES PER RULE *
PF
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-
pf.html
IPFilter
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-
ipf.html
IPFW
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-
ipfw.html
########################################################################
####
More information about the talk
mailing list