The URL for this document is http://whatexit.org/tal/mywritings/freefilters.html. If you have updates send them via email to email@example.com.
|ipf||included with FreeBSD 3.x, 4.x, NetBSD 1.3 to present, OpenBSD 2.x (NOT 3.x), ported to Solaris, IRIX 6.2, HP-UX 11 and many other Unixes||very complete featureset including stateful inspection that goes
beyond what most systems do (for example: special ICMP handling for TCP connections).
|ipfw||included with FreeBSD 4.x||very complete featureset especially rate-controls (traffic
shaping) and redirection, and the ability for certain UIDs to have
their own rules (User "foo" can't use telnet... bwahahahaha). However stateful inspection is fairly basic.
(Not to be confused with Linux's "ipfw" command)
(Technically ipfw is the interface to FreeBSD's dummynet(4) traffic shaper. The NAT is userlevel, unlike IP Filter which does it in kernel)
FreeBSD has IP Firewall as well as IP Filter because people wanted IPFilter but IP Firewall has a longer established history.
|ipfw||included with BSD/OS||COMPLETELY UNRELATED TO the FreeBSD ipfw. Some consider this to be, by far, the best firewall package.|
|ipfw||Linux pre-2.0 kernel|
|ipfwadm||Linux kernel 2.0|
|ipchains||Linux kernel 2.2|
aka "IP Tables"
(with commands called "ipfwadm" and "ipchains" for backwards compatibility)
|Linux kernel 2.4.0||While developing IP Firewall Chains, Paul Russell decided to create an entirely new framework called "netfilter".|
|OpenBSD 3.x||This is a OpenBSD packet filter. It sports features including bidirectional NAT support, traffic normalization, uid-based rules, user-level FTP application proxy, IPv6 support, logging of blocked packets to a dummy interface for debugging.|