have a router, so do I still need IPF?

I own a Linksys router (firewall) hardware, so do I still should enable IPF in my freebsd anyway?

I seem to not find and understand the advantage and disadvantage between IPF and IPFW?

From my experience, IPF has been more secure than IPFW to me.

Thanks,
Mezz

Don't trust that kind of firewall, you should still setup IPF. If it's not too late, you should return your router. Why need a router when FreeBSD can do it more securely? You will keep your box 24/7 up anyway.

As far as IPF vs. IPFW, i haven't used IPFW long enough (perhaps just few months) to make the comparision. For the ruleset syntax, IPFW seems to have the edge over IPF because you can assign env to a particular condition in IPFW which makes your ruleset alot shorter than IPF (linear ruleset). PF's ruleset (for OpenBSD 3.0) is even better in terms of readability.
That's why when you have over 100 rulesets in IPF, you are urged to use rule group for better performance.
As far as the features, security and stability, needless to say, IPF is much better than IPFW, except dummynet support in IPFW.
IMHO, IPF, with those kind of benefits, outweigh its poor ruleset syntax. Once you setup your rulesets, you need not to alter it too often. You must have a serious problem if you need to change your rulesets frequently.

>> Don't trust that kind of firewall, you should still setup IPF.

Ok, I will enable IPF and configure there.

>> If it's not too late, you should return your router.

Actually, I had this router for over 7 to 8 months and another router was very old around over one and half year, which I trashed it.

>> Why need a router when FreeBSD can do it more securely? You will keep your box 24/7 up anyway.

Well, previous FreeBSD, there used to have whole Windows. Windows is nothing secure as FreeBSD, which I trust on router more than Windows or apps for Windows too. Now, I have one FreeBSD box is mine and two Windows boxes for family.

Thanks for comment on IPF vs IPFW. I agreed about IPFW's ruleset is a lot shorter than IPF. Don't you think, there will have PF port in FreeBSD?

Anyway, have you read BSDvault's interview of Jordan K. Hubbard? If not, then it's at http://bsdvault.net/hubbard.html . It's pretty interesting there.

Thanks again,
Mezz

>> Don't you think, there will have PF port in FreeBSD?

Probably, but I will not ditch IPF. If I have to choose between IPFW and PF, I'd choose IPFW. Even iptables in Linux is much better than PF. That's why I feel sorry for the OpenBSD's crowd. Though, I think IPF (from Darren) is somewhat ready.

>> have you read BSDvault's interview of Jordan K. Hubbard?

Yes.

why don't you like pf? I think it's syntax is easier to read and more stable the IPF