LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > *BSD
User Name
Password
*BSD This forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.

Notices

Reply
 
Search this Thread
Old 10-02-2003, 10:49 AM   #1
yocompia
Member
 
Registered: Apr 2003
Location: Chicago, IL
Distribution: openbsd 3.6, slackware 10.0
Posts: 244

Rep: Reputation: 30
features in PF that are ! in iptables?


i've been reading the docs on setting up the packet filter on an OBSD system, but i can't tell yet if PF has added functionality over iptables. if you know of any filtering abilities that are unique to OBSD, i would like to hear about them.

thx for reading,
y-p
 
Old 10-02-2003, 05:58 PM   #2
whistles
Member
 
Registered: Aug 2003
Distribution: bsd
Posts: 41

Rep: Reputation: 15
I believe that pf allows for stateful filtering of all protocols where iptables does not,or needs patching to do full stateful filtering?? I do know that the syntax is way way easier to use ,as it is almost straight english. http://www.benzedrine.cx/pf.html is a very good source for pf info
 
Old 10-03-2003, 01:18 AM   #3
yocompia
Member
 
Registered: Apr 2003
Location: Chicago, IL
Distribution: openbsd 3.6, slackware 10.0
Posts: 244

Original Poster
Rep: Reputation: 30
i am to understand that linux can do stateful filtering, but i'm not certain. the more i read about PF, the more i prefer its syntax and setup to that of iptables. time to go back to the docs and get this thing configured...
 
Old 10-03-2003, 11:27 AM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Well I haven't looked at iptables too closely, but I do know that pf has an ability to allow only authenticated connections with authpf. I'm not aware of a similar function in iptables.

The main advantage of pf as far as I'm concerned is the syntax and keywords are actually readable. iptables is the worst and most obscure command line packet filtering I've seen as far as usability. Oh, also pf is supposedly the fastest of the open source packet filters, but I cannot confirm that.

Last advantage, you don't need multiple confusing chains of rules operating on the same packet. You just write out the commands to do exactly what you want and you don't have to worry about whether it's in the right chain, whether a chain behind it will block the packet, etc.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Features of KDE vs. Features of Gnome donlinux Linux - Newbie 17 12-04-2005 12:01 PM
ClamAV Features depam Linux - Software 1 10-25-2005 01:26 AM
bsd features? rusty_slacker *BSD 3 11-08-2004 01:51 PM
debian features? name_in_use450 Debian 5 06-10-2004 12:43 AM
RH 7.2 Security Features CarlJ Linux - Security 3 04-13-2003 12:48 PM


All times are GMT -5. The time now is 09:35 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration