• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel?

  • Subject: Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel?
  • From: "Aaron Linville" <email@hidden>
  • Date: Wed, 26 Nov 2003 14:46:37 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've run across a small comparison between ipfilter+ipnat and ipfw+natd in
the introduction section of this page:

http://neon1.net/misc/firewall.html

It seems a bit dated since it says pf doesn't have traffic shaping (altq
support in pf (along with a slew of othe rneat features) has since been
added). I haven't found anything comparing pf and ipfw2.

I'd like to see pf support myself, I use OpenBSD on a couple gateways and
the ruleset syntax is very natural. Both altq and nat are integrated well
into the ruleset.

I have some kernel programming experience, though probably not the level
of expertise for a project like this.

Regards,
Aaron

PS- One of those neat little features of pf is the passive OS
fingerprinting:

block in on $ext_if proto tcp from any os {"Windows 95", "Windows 98"} \
to any port smtp

:-)

On Mon, 24 Nov 2003, OpenMacNews wrote:

> ok,
>
> having done some reading re: pf/ipf, i've got to say that -- altho still a bit foreign -- it definitely seems to be
> well-featured, and as ipfw2, would be a not insignificant improvement over Darwin's current ipfw. as you, i have to
> compare ipfw2 & pf in greater depth to 'choose' between the two ...
>
> ANYONE OUT THERE HAVE ANY URLs FOR A GOOD/THOROUGH COMPARISONS
> OF IPFW/IPFW2/PF/IPF?
>
> either way, i agree that ipfw is getting 'long in the tooth' ... and would add my voice to suggesting that a discussion
> here be opened/started here on the matter. it seems to be the right forum ...
>
> i'll be happy to contribute what i can as a user, but as a kernel-developer, i'm in over my head :-S
>
>
> cheers,
>
> richard
-----BEGIN PGP SIGNATURE-----

iD8DBQE/xQMf+W1NLgrTPToRAld5AKCbM9lN02Tf2WPDSylaHSVvHHpL3wCePCVi
JrGCs4I1GZpGHrFPPiKNq8A=
=1hrW
-----END PGP SIGNATURE-----
_______________________________________________
darwin-kernel mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-kernel
Do not post admin requests to the list. They will be ignored.
  • Follow-Ups:
    • porting next-gen firewalls: When to build in-kernel vs. KEXT?
      • From: OpenMacNews <email@hidden>
    • THREAD MOVED Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin
      • From: OpenMacNews <email@hidden>
References: 
 >status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel? (From: OpenMacNews <email@hidden>)
 >Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel? (From: OpenMacNews <email@hidden>)
 >Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel? (From: Jeff Nathan <email@hidden>)
 >Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel? (From: OpenMacNews <email@hidden>)

  • Prev by Date: Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel?
  • Next by Date: THREAD MOVED Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin
  • Previous by thread: Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel?
  • Next by thread: THREAD MOVED Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin
  • Index(es):
    • Date
    • Thread