• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
THREAD MOVED Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

THREAD MOVED Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin

  • Subject: THREAD MOVED Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin
  • From: OpenMacNews <email@hidden>
  • Date: Wed, 26 Nov 2003 12:40:20 -0800
Aaron,

btw, after having had it suggested to move this thread to darwin-development, i did so last eve ....

i won't presume to re-post your reply there, please do so if *you* like ...

I've run across a small comparison between ipfilter+ipnat and ipfw+natd in
the introduction section of this page:

http://neon1.net/misc/firewall.html

It seems a bit dated since it says pf doesn't have traffic shaping (altq
support in pf (along with a slew of othe rneat features) has since been
added). I haven't found anything comparing pf and ipfw2.

actually a nice overview, hadn't found this one yet myself ...

I'd like to see pf support myself, I use OpenBSD on a couple gateways and
the ruleset syntax is very natural. Both altq and nat are integrated well
into the ruleset.

I have some kernel programming experience, though probably not the level
of expertise for a project like this.

Regards,
Aaron

PS- One of those neat little features of pf is the passive OS
fingerprinting:

block in on $ext_if proto tcp from any os {"Windows 95", "Windows 98"} \
to any port smtp

that would be a nice addition to the available Darwin toolkit!

thanks,

richard


On Mon, 24 Nov 2003, OpenMacNews wrote:

ok,

having done some reading re: pf/ipf, i've got to say that -- altho still a bit foreign -- it definitely seems to be
well-featured, and as ipfw2, would be a not insignificant improvement over Darwin's current ipfw. as you, i have to
compare ipfw2 & pf in greater depth to 'choose' between the two ...

ANYONE OUT THERE HAVE ANY URLs FOR A GOOD/THOROUGH COMPARISONS
OF IPFW/IPFW2/PF/IPF?

either way, i agree that ipfw is getting 'long in the tooth' ... and would add my voice to suggesting that a
discussion here be opened/started here on the matter. it seems to be the right forum ...

i'll be happy to contribute what i can as a user, but as a kernel-developer, i'm in over my head :-S


cheers,

richard
_______________________________________________
darwin-kernel mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-kernel
Do not post admin requests to the list. They will be ignored.
References: 
 >status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel? (From: OpenMacNews <email@hidden>)
 >Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel? (From: OpenMacNews <email@hidden>)
 >Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel? (From: Jeff Nathan <email@hidden>)
 >Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel? (From: OpenMacNews <email@hidden>)
 >Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel? (From: "Aaron Linville" <email@hidden>)

  • Prev by Date: Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel?
  • Next by Date: porting next-gen firewalls: When to build in-kernel vs. KEXT?
  • Previous by thread: Re: status (plans?) of latest *BDS's ipfw2 for OSX/Darwin kernel?
  • Next by thread: porting next-gen firewalls: When to build in-kernel vs. KEXT?
  • Index(es):
    • Date
    • Thread