View Single Post
  #5   (View Single Post)  
Old 28th July 2015
Oko's Avatar
Oko Oko is offline
Rc.conf Instructor
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,102

Originally Posted by gpatrick View Post
FreeBSD has 3 firewalls available: IPFW, ipf, and pf.

pf is different from OpenBSD's pf and was rewritten for SMP support and uses the older syntax (pre-4.7 I believe).
FreeBSD PF has not been rewritten. It has some quick dirty SMP hack and uses a peace of FreeBSD network stack which is non existent in OpenBSD. It is more or less 5 year old version of vanilla PF. On another hand OpenBSD has been practically rewritten and currently is being SMP optimized and tuned. There was enormous amount of work gone in SMP network and PF stack on OpenBSD.

Originally Posted by gpatrick View Post
ipf is maintained by one or two people I believe but if memory recalls there was talk of removing it since it was not maintained, until someone stepped up.
This is first firewall originally developed for Solaris. Solaris is switching to PF. Juniper networks vetoed FreeBSD decision to remove ipf as it seems that JunoOS uses IPF.
I am sure SmallWall people (some old m0n0wall users) are happy too.

Originally Posted by gpatrick View Post
ipfw is the firewall that is FreeBSD developed.

There is some discussion with the state of pf in FreeBSD which can be followed here Future of pf firewall in FreeBSD
IPFW is indigious firewall of FreeBSD which is also a granddaddy of UNIX IPtables. Its development stall to the point that Apple decided few years ago to switch to PF. However more recently Luigi Rizzo and his students from Università di Pisa have put lots of work into it. It is a different approach to the problem of firewall than PF and even though I don't use it I like the diversity.

It should be also mentioned that there is another separate active fork of IPFW developed by a DragonFly BSD guy which goes under the name IPFW2.
Reply With Quote