comparisons between ipfw, ipchain and, iptable

[mkwan]

someone recently told me that ipfw was used in Red Hat Linux version 5.0. When that version was upgraded to 6.2, ipfw was superseded to ipchain and ipchain was again superseded to iptable.

Is ipfw an old utility? and why is FreeBSD/OSX still using it?

 

[scruffy]

iptables is the replacement to ipchains, the common Linux kernel firewalls; I think it's more or less kernel 2.2 = ipchains, kernel 2.4 = iptables. I'm almost certain ipfw has ever been a Linux thing. ipfirewall (ipfw is the command that controls it) is a FreeBSD thing, and I'm pretty sure it's completely separate from ipchains and iptables.

Stateful filtering was added to ipfw in FreeBSD 4.0 (according to the manual page in OS X), and to my understanding, the addition of stateful filtering to the Linux kernel firewall was one of the main differences between ipchains and iptables.

So, yes, ipfw is relatively old, but it's not like the actual version that's included in FreeBSD and OS X is out of date...

 

[mkwan]

ok, what does ipfw(8) mean?....(I saw it in the man command)

 

[nixgeek]

ipfw should mean "ip forwarding".... I think the command was ipfwadm back then in linux to configure ip firewalling and forwarding

 

[bob@bomar.us]

ipfw(8) means the eighth section of the man pages:

# man 8 ipfw

Its user commands. Section 3 are libraries, etc...

 

[mkwan]

ok, thanks