Date:      Mon, 26 May 2014 00:29:36 +1000 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        Lucius Rizzo <Lucius.Rizzo@the.ie>
Cc:        freebsd-stable@freebsd.org, David Noel <david.i.noel@gmail.com>
Subject:   Re: What is your favourite/best firewall on FreeBSD and why?
Message-ID:  <20140525235945.V5669@sola.nimnet.asn.au>
In-Reply-To: <20140524055733.GA69376@The.ie>
References:  <20140520070926.GA92183@The.ie> <CAHAXwYAZzFdqsEjA3xApZXaSZHaJR2R8XHds_aZDBcaRCGxNpQ@mail.gmail.com> <CAHAXwYCi+qRmCfY1FKCXXvnxDQW-Xn113yv-dLTBaC04Th9r6Q@mail.gmail.com> <20140524055733.GA69376@The.ie>

On Fri, 23 May 2014 22:57:33 -0700, Lucius Rizzo wrote:
 > * David Noel <david.i.noel@gmail.com> [2014-05-24 00:31]:
 > > On 5/23/14, David Noel <david.i.noel@gmail.com> wrote:
 > > > On 5/20/14, Lucius Rizzo <Lucius.Rizzo@the.ie> wrote:
 > > >> If you use any of the firewalls, and have interesting
 > > >> or even optimized rule sets, I would really like to see them :)
 > > >
 > > > I'll post them shortly.
 > > >
 > > 
 > > Let me know if I missed anything.
 > 
 > Thank you! This actually helps. I have a set of IPFilter rules that I
 > plunk on my FreeBSD servers running on cloud. I use IPFilter with
 > sshguard-ipfilter. (See Attached)
 > 
 > Seems like consensus is that pf is perhaps the best choice moving forward.  

There's no consensus except what you'd prefer it to be.  If you count 
messages you might have had to use ipfw, but I'm not surprised that pf 
is likely more comfortable conceptually to someone familiar with ipf.

To one happier with procedural programming down to assembler level to sh 
or Pascal rather than more object-oriented languages, ipfw is nice and 
bare-metal and doggedly procedural.  Others prefer the more symbolic 
approach, and pf has always felt that to me, but that's subjective.

We've seen good specifics on which suits whom, and in what scenarios.  
I liked Darren Pilgrim's non-sectarian approach, preferring ipfw on 
(his) servers and pf - on OpenBSD - on (his) routers.  And we got some 
interesting high-level takes from folks running enterprise-scale stuff 
down to what might best suit embedded gear.  It's been fun :)

However, I want the bikeshed slightly on the yellow side of burnt ochre.

cheers, Ian


