Date: Wed, 21 Nov 2001 17:53:49 -0800 (PST)
From: "f.johan.beisser"
To: Erik Trulsson
Cc: shanon loveridge
Subject: Re: FreeBSD as a Firewall
In-Reply-To: <20011121234606.GA14744@student.uu.se>
Message-ID: <20011121164612.W16958-100000@localhost>

On Thu, 22 Nov 2001, Erik Trulsson wrote:

> I don't think OpenBSD would be better for this. Probably just as good
> but not better. Their focus on security is primarily in making sure
> that there are no security problems with the OS itself. This does not
> mean that they have a better firewall.

Actually, I've found that OpenBSD is easier to configure and deal with in
the bridging and "invisible" firewall configuration than FreeBSD. The
smaller installation footprint of OpenBSD has also proven to be handy, if
a tad bit unfamiliar to people used to most Linux distributions or
FreeBSD's generic install.

now, honestly, as far as i386 goes, FreeBSD may well be the way to go
since it supports many more components and hardware than any other BSD.

another deciding factor in your choice should also be what firewall
software you want to use.

IPFilter is available on NetBSD, FreeBSD, and OpenBSD (up through 2.9).
IPFilter is somewhat obtuse in syntax, but very powerful, so reading the
FAQ and having some basic grounding in TCP/IP is necessary before you
begin to hack out rules.

IPFW is the native FreeBSD firewall. it's easier to handle, has easier
syntax to read, but isn't quite as powerful as IPFilter.

the upcoming release of OpenBSD 3.0 unveils our 3rd firewall candidate:
pf. pf uses syntax similar to IPFilter, allows macro style expansion of
the rules. very handy. sadly, it is still somewhat buggy, and not quite
production level in code quality.

what this all means to you, the user? uh.. not much. try them both out.
IPFilter has slowly grown on me, to the point where i don't want to use
anything else (why bother? one ruleset, all the possible versions of BSD
I'm going to install and use..). if Net- and Free- BSD import pf, I'll
probably switch over to it.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "if my thought-dreams could be seen..
     "they'd probably put my head in a guillotine" -- Bob Dylan