Difference between revisions of "Comparison"

From securityrouter.org, an OpenBSD-based firewall
Jump to: navigation, search
m
Line 6: Line 6:
 
| Firewall || PF (2011) || PF (2007)  || ipfilter  || iptables || iptables || iptables
 
| Firewall || PF (2011) || PF (2007)  || ipfilter  || iptables || iptables || iptables
 
|-
 
|-
| Architecture || Intel 32/64-bit || Intel 32/64-bit  || Intel 32-bit  || Intel 32-bit || Intel 32-bit || Intel 32/64-bit
+
| Architecture || Intel 32/64-bit || Intel 32/64-bit  || Intel 32-bit  || Intel 32-bit || Intel 32-bit || Intel 32/64-bit
 
|-
 
|-
 
! Management !! !! !! !! !! !!
 
! Management !! !! !! !! !! !!
 
|-
 
|-
| Config format || [[Configuration_file|Clear-text]] || XML || XML  || Clear-text || Semi-clear-text
+
| Config format || [[Configuration_file|Clear-text]] || XML || XML  || Clear-text || Semi-clear-text || Binary (floppy)
 
|-
 
|-
| Restore/rollback without reboot || [[Backend|Yes]] || No || No  || No || No
+
| Restore/rollback without reboot || [[Backend|Yes]] || No || No  || No || No || No
 
|-
 
|-
| Test/confirm without reboot || Yes || No || No  || No || No
+
| Test/confirm without reboot || Yes || No || No  || No || No  || No
 
|-
 
|-
| Revision-managed config || Yes (Subversion) || Yes (files) || No  || Yes (file rotation) || No
+
| Revision-managed config || Yes (Subversion) || Yes (files) || No  || Yes (file rotation) || No || No
 
|-
 
|-
| Commit multiple changes || Yes || No || No  || Yes || No
+
| Commit multiple changes || Yes || No || No  || Yes || No || No
 
|-
 
|-
| CLI config editor || [[Configure|Yes]] || No || No  || Yes  || Yes
+
| CLI config editor || [[Configure|Yes]] || No || No  || Yes  || Yes || No
 
|-
 
|-
| API || [[SOAP]] || No || No  || REST  || Custom
+
| API || [[SOAP]] || No || No  || REST  || Custom || No
 
|-
 
|-
! VPN server !! !! !! !! !!
+
! VPN server !! !! !! !! !! !!  
 
|-
 
|-
| L2TP || Yes || Yes || No || Yes|| Yes
+
| L2TP || Yes || Yes || No || Yes|| Yes || No
 
|-
 
|-
| PPTP NAT passthrough || [[Proxies#PPTP_proxy|Yes]] || No || No || Yes (iptables) || Yes (iptables)
+
| PPTP NAT passthrough || [[Proxies#PPTP_proxy|Yes]] || No || No || Yes (iptables) || Yes (iptables) || No
 
|-
 
|-
| DNS suffix in PPTP/L2TP || [[VPN_server#Search_domain|Yes]] || No || No || No || No
+
| DNS suffix in PPTP/L2TP || [[VPN_server#Search_domain|Yes]] || No || No || No || No || No
 
|-
 
|-
| Client routes in PPTP/L2TP || [[VPN_server#Routing|Yes]] || No || No || No || No
+
| Client routes in PPTP/L2TP || [[VPN_server#Routing|Yes]] || No || No || No || No || No
 
|-
 
|-
| Filter-ID for RADIUS || [[VPN_server#Groups|Yes]] || No || No || No || Yes
+
| Filter-ID for RADIUS || [[VPN_server#Groups|Yes]] || No || No || No || Yes || No
 
|-
 
|-
! Routing !! !! !! !! !!  
+
! Routing !! !! !! !! !! !!
 
|-
 
|-
| MPLS || Yes (PE/VPN) || No || No  || No || Yes
+
| MPLS || Yes (PE/VPN) || No || No  || No || Yes || No
 
|-
 
|-
| Built-in OSPF/BGP || Yes (OpenBGP/OSPFD) || No || No  || Yes (Quagga) || Yes
+
| Built-in OSPF/BGP || Yes (OpenBGP/OSPFD) || No || No  || Yes (Quagga) || Yes || No
 
|-
 
|-
| BGP TCP-MD5 || Yes || No || No  || Yes || Yes
+
| BGP TCP-MD5 || Yes || No || No  || Yes || Yes || No
 
|-
 
|-
! IPv6 !! !! !! !! !!
+
! IPv6 !! !! !! !! !! !!
 
|-
 
|-
| Firewall rules || [[IPv6|Dual-stack]] || Rule duplication || Rule duplication || Rule duplication || Rule duplication
+
| Firewall rules || [[IPv6|Dual-stack]] || Rule duplication || Rule duplication || Rule duplication || Rule duplication || No
 
|-
 
|-
| Layer-3 translation (eg. NAT64) || [[IPv6|Yes]] || No || No || No || No
+
| Layer-3 translation (eg. NAT64) || [[IPv6|Yes]] || No || No || No || No || No
 
|-
 
|-
! Others !! !! !! !! !!
+
! Others !! !! !! !! !! !!  
 
|-
 
|-
| Layer 7 load balancing || Yes || No || No  || No || ?
+
| Layer 7 load balancing || Yes || No || No  || No || ? || No
 
|}
 
|}

Revision as of 21:01, 13 November 2012

Halon 3.0-p17 pfSense 2.0.1 m0n0wall 1.33  Vyatta 6.4 Mikrotik 5.20 Smoothwall 3.0sp3
Platform OpenBSD 5.0 FreeBSD 8.1 FreeBSD 6.4 Linux 3.0.23 Linux 2.6 Linux 2.6
Firewall PF (2011) PF (2007) ipfilter iptables iptables iptables
Architecture Intel 32/64-bit Intel 32/64-bit Intel 32-bit Intel 32-bit Intel 32-bit Intel 32/64-bit
Management
Config format Clear-text XML XML Clear-text Semi-clear-text Binary (floppy)
Restore/rollback without reboot Yes No No No No No
Test/confirm without reboot Yes No No No No No
Revision-managed config Yes (Subversion) Yes (files) No Yes (file rotation) No No
Commit multiple changes Yes No No Yes No No
CLI config editor Yes No No Yes Yes No
API SOAP No No REST Custom No
VPN server
L2TP Yes Yes No Yes Yes No
PPTP NAT passthrough Yes No No Yes (iptables) Yes (iptables)  No
DNS suffix in PPTP/L2TP Yes No No No No No
Client routes in PPTP/L2TP Yes No No No No No
Filter-ID for RADIUS Yes No No No Yes No
Routing
MPLS Yes (PE/VPN) No No No Yes No
Built-in OSPF/BGP Yes (OpenBGP/OSPFD) No No Yes (Quagga) Yes No
BGP TCP-MD5 Yes No No Yes Yes No
IPv6
Firewall rules Dual-stack Rule duplication Rule duplication Rule duplication Rule duplication  No
Layer-3 translation (eg. NAT64) Yes No No No No No
Others
Layer 7 load balancing Yes No No No ? No