Pf vs. IPF (was RE: Another PF question)

> I might mention that IPF works just fine with OpenBSD 3.2,

It's not really a matter of politics for me, just functionality.

IPF never worked for me. It was never able to handle RDP (Terminal Server) connections, for example, and the box I installed it on would max out every so often, and that was just firewalling my server closet. The terminal screen was always full of arp: llinfo errors while running. I had real concerns it could handle my entire subnet. Plus it was a hassle trying to upgrade.

> pf has gained great functionality since 3.1

I actually switched to OpenBSD 3.0-beta for production use, because it was better than 2.9-stable with IPF. I found that my "configuration errors" with RDP immediately went away in pf. The new functionality is just icing on the cake. Pf seems to be the pre-eminent firewall; a lot of people at UCD have compared costs for SonicWalls and PIXs, looked at what I've done with OpenBSD/pf, and gone with OpenBSD.

(Some people like spending money, however ;-)

Of course, it's helpful that pf is built upon a solid foundation.

--Adam Received on Wed Mar 12 18:15:23 2003

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related openbsd.org Links advocacy announce bugs ipv6 misc ports ports-changes security-announce smp source-changes tech Request more information about Pantek