Date: Mon, 21 Jul 2014 19:12:57 -0400 From: Allan Jude <allanjude@freebsd.org> To: freebsd-current@freebsd.org Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ? Message-ID: <53CD9E79.2060201@freebsd.org> In-Reply-To: <002601cfa4eb$b4554270$1cffc750$@gmail.com> References: <CAPS9%2BStPJRVSFLjpxgVEewT9fwHHFxw=qODAYa=uOAzb-V=v2Q@mail.gmail.com> <20140721.074105.74747815.sthaug@nethelp.no> <CAPS9%2BSsSmxZnTF8AEmEmWtGOd_8A%2Bd_8cYUYhuC3OsLYFxGHGQ@mail.gmail.com> <20140721.085616.74744313.sthaug@nethelp.no> <CAPS9%2BSsCQr1ME8gX7%2Bh_8s_1wwC3kg-9=_JhynJZ8pM6e5-qYw@mail.gmail.com> <002601cfa4eb$b4554270$1cffc750$@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --xUDRlQDDH6xi727ijkBBNQEHuJgM2LNO2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 2014-07-21 09:57, bycn82 wrote: > There is no doubt that PF is a really good firewall, But we should noti= ced that there is an ipfw which is originally from FreeBSD while PF is fr= om OpenBSD. >=20 > If there is a requirement that PF can meet but ipfw cannot, then I thin= k it is better to improve the ipfw. But if you just like the PF style, th= en I think choose OpenBSD is the better solution. Actually OpenBSD is ano= ther really good operating system.=20 >=20 > Like myself, I like CentOS and ipfw, so no choice :) >=20 >=20 The only thing I've really found lacking in IPFW is the NAT implementation. Specifically, when trying to do port-forwarding. All of the rules have to go in the single 'ipfw nat' rule, and it makes it cumbersome to manage. --=20 Allan Jude --xUDRlQDDH6xi727ijkBBNQEHuJgM2LNO2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTzZ58AAoJEJrBFpNRJZKf8uIP/3uC9OWrHJ/IBLEcDRjqFUzs a6vT3EiqtcmGBdpgBfnL9E2XdAGkxNG3ZeUIYatG+QkBrctpG25+0+O+z3Da5SZB MgD+nxnET/ygBOKzr1D3uZ8T6nubVdDy7A4/luFwi7yJc8CJwx9pNQZwNDuaEHnL sHkzUJfEyiymZOYmWY4IntZyakYVPAb9ViwL3drWl+jR04MfyVJJ8ZwWzQBk91F7 OzYIO1lg7ibG2UvDnA2itCYqKiL8P6w4tPwdmBdQVeVzb8IbJuQ9qjXIwLTaPm4z PTj4AjNI1BkRmhUDDp4KTth0KflKHPnPokVOlqu6Vy5Rv++3OnfjD8xJKrTjKaNR fgTyoCVBsD964DN0t4ljplN2h5kL4GWeYHIE1YgWNM+Eghgq1m+bOCWah/FEUzK4 ea2V5Jy+7RZQnsFYTQnH7Psav3oFydS03aQ1xdICvvkQQxqzWPEM0VUDYo9ywJIo DhIBbtey9nlRtvzKNEjxcXgrHBDLsYt7+C/yuEIptB0KSBBNxvNDOtNch+1W8hN5 v6b0+IGv/FLWYlkpN/AEtyvsSIRsoM2mHRaA4DQi58RYEg896rNqwkKBiLN+jwW5 gO5wsEDNaCANFnBcaYnMWjAmVZ3UqoYAA7Jh5ho20ljiv7KN75+wVUhLyjurVN+J IZ8jMAslUGDexP9vbKh6 =avBf -----END PGP SIGNATURE----- --xUDRlQDDH6xi727ijkBBNQEHuJgM2LNO2--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53CD9E79.2060201>