
List:       netfilter
Subject:    Re: IPTables vs. FreeBSD
From:       Fabrice MARIE <fabrice () celestix ! com>
Date:       2002-01-31 21:01:46


Hello,

On Friday 01 February 2002 02:46, Casey Allen Shobe wrote:
> Ok, I've been trying to deal with a bunch of FreeBSD-lovers (nothing
> against them, mind you), who claim that FreeBSD's equivalent to IPTables is
> *far* superior.  Can anybody point me to a good rundown of features
> available in both, side by side?

Let's not enter into a holy war. From what I can see, the great advantage
of netfilter lies in its development model and its open architecture
that allows third party plugins. Third party modules are basically new
matches (match based on a new set of criteria), new targets (do new things
with the packets), and conntrack/NAT modules (to track connection of or NAT
a new protocol).

For a (not even exhaustive!) list of cool third party features,
have a look at:
http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO.html
Some of them are already well tested and will probably make it into
kernel 2.5, some of them are just toys for hackers..

Additionally, for a long time, some people have turned to *BSD
because they thought that the bridging was not working fine with netfilter,
but Lennert fixed this not so long ago in the netfilter FAQ:
http://www.netfilter.org/documentation/FAQ/netfilter-faq-3.html#ss3.3

Hope that helps.

Have a nice day,

Fabrice.
--
Fabrice MARIE
Senior R&D Engineer
Celestix Networks
http://www.celestix.com/

"Silly hacker, root is for administrators" 
       -Unknown
