-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've run across a small comparison between ipfilter+ipnat and ipfw+natd in the introduction section of this page: http://neon1.net/misc/firewall.html It seems a bit dated since it says pf doesn't have traffic shaping (altq support in pf (along with a slew of othe rneat features) has since been added). I haven't found anything comparing pf and ipfw2. I'd like to see pf support myself, I use OpenBSD on a couple gateways and the ruleset syntax is very natural. Both altq and nat are integrated well into the ruleset. I have some kernel programming experience, though probably not the level of expertise for a project like this. Regards, Aaron PS- One of those neat little features of pf is the passive OS fingerprinting: block in on $ext_if proto tcp from any os {"Windows 95", "Windows 98"} \ to any port smtp :-) On Mon, 24 Nov 2003, OpenMacNews wrote:

ok,

having done some reading re: pf/ipf, i've got to say that -- altho still a bit foreign -- it definitely seems to be

well-featured, and as ipfw2, would be a not insignificant improvement over Darwin's current ipfw. as you, i have to

compare ipfw2 & pf in greater depth to 'choose' between the two ...

ANYONE OUT THERE HAVE ANY URLs FOR A GOOD/THOROUGH COMPARISONS

OF IPFW/IPFW2/PF/IPF?

either way, i agree that ipfw is getting 'long in the tooth' ... and would add my voice to suggesting that a discussion

here be opened/started here on the matter. it seems to be the right forum ...

i'll be happy to contribute what i can as a user, but as a kernel-developer, i'm in over my head :-S

cheers,

richard

-----BEGIN PGP SIGNATURE----- iD8DBQE/xQMf+W1NLgrTPToRAld5AKCbM9lN02Tf2WPDSylaHSVvHHpL3wCePCVi JrGCs4I1GZpGHrFPPiKNq8A= =1hrW -----END PGP SIGNATURE----- _______________________________________________ darwin-kernel mailing list | darwin-kernel@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-kernel Do not post admin requests to the list. They will be ignored.