[geeks] Routing problem: solution in progress
Michael-John Turner
mj at turner.org.za
Wed Dec 27 00:20:13 CST 2006
On Tue, Dec 26, 2006 at 08:28:26PM -0500, Sridhar Ayengar wrote:
> What's pf's big advantage over IPFilter? Performance? Simplicity?
> Shorter data path?
Ignoring feature set and the licensing brouhaha, the biggest for me is
ongoing development. IPFilter has been a mature product for a number of
years and hasn't seen many new features being added (IMHO, it's stagnating
somewhat). pf is continually being enhanced with features like CARP, pftpx,
etc.
That said, I like pf for the following reasons:
- Performance (no figures to hand, but it is fast)
- Similar configuration to IPFilter (ie an intuitive and well designed
configuration language), but with a lot of useful enhancements (eg, I can
use variables without having to pre-process with m4)
- CARP for firewall failover
- Active ftp support (using ftp-proxy or pftpx)
- Supported by {Free|Net|Open}BSD
That's just off the top of my head - I've probably missed lots and right
now I don't remember the One Reason why I switched from IPFilter.
-mj
--
Michael-John Turner | http://mjturner.net/
mj at turner.org.za | Open Source in WC ZA - http://www.clug.org.za/
More information about the geeks
mailing list