ipfirewall
- "ipfw" directs here; for the University in Fort Wayne 'IPFW' see: Indiana University – Purdue University Fort Wayne.
ipfirewall or ipfw is a FreeBSD IP packet filter and traffic accounting facility. Its ruleset logic is similar to many other packet filters except IPFilter. ipfw is authored and maintained by FreeBSD volunteer staff members. Its syntax enables use of sophisticated filtering capabilities and thus enables professional users to satisfy advanced requirements. It can either be used as a loadable kernel module or incorporated into the kernel; use as a loadable kernel module where possible is highly recommended. ipfw is the built-in firewall of Mac OS X[1] and DragonFly BSD. Like FreeBSD, ipfw is open source. It is used in many FreeBSD-based firewall products, including m0n0wall and FreeNAS. A port of ipfw and the dummynet traffic shaper is available for linux, openwrt and Windows at [1]. wipfw is a Windows port of an old (2001) version of ipfw.
ipfirewall is composed of these components:
- kernel firewall filter rule processor and its integrated packet accounting facility
- logging facility
- "divert" rule (NAT)
- advanced special purpose facilities
- the dummynet traffic shaper
- "fwd rule" forward facility
- the bridge facility
- ipstealth
- per-packet kernel-wide tagging (set, unset and check 16-bit tags)
- ALTQ-based QoS disciplines
- rule sets for atomic management of multiple rules
- a full-blown stateful engine with connection limiting
- anti-spoofing rules based on routing table
- lookup tables based on Radix trees
- per-rule byte and packet counters
- built-in NAT, Port address translation and LSNAT (load-sharing) facilities (since FreeBSD 7)
- IPv6 support (with several limitations)
Alternative user interfaces for ipfw
This article's use of external links may not follow Wikipedia's policies or guidelines. (June 2010) |
See also
- netfilter/iptables, a Linux-based descendant of ipchains
- PF (firewall), another widely deployed BSD firewall solution
References
- ^ ipfw is the only firewall software in Mac OS X v10.4 and below. Mac OS X v10.5 uses both an application firewall and ipfw. Apple Knowledge Base #HT1810
- ^ http://www.symantec.com/content/en/us/about/media/06.25.04CPD.GLBL.EULA.NIS_NAV_NPF_NGB_NAS2005.pdf
- ^ http://www.symantec.com/content/en/us/about/media/08.23.05cpd.glbl.eula_nis_nav_npf_2006.pdf
- ^ http://www.symantec.com/norton/macintosh/personal-firewall
External links
- ipfw section of the FreeBSD Handbook.
- ipfw and dummynet home page including versions for Linux, OpenWR and Windows
- Ipfw-HOWTO
- wipfw Windows port of an old (2001) version of ipfw
- ipfw(4), ipfw(8), divert(4), altq(4), dummynet(4) – ipfw-related FreeBSD man pages