From: Agus
To: "Matthew Seaman"
Cc: Brett Davidson, Atom Powers, questions@freebsd.org
Date: Fri, 5 Jan 2007 12:21:30 -0300
Subject: Re: Advice on which FreeBSD firewall package to choose.

It seems it is unanimous... PF it is... Remember you have to compile the kernel to activate this; I've done it for the first time yesterday and it's very simple... Also check out the ALTQ for QoS. Good luck.

2007/1/5, Matthew Seaman:
>
> Atom Powers wrote:
> > On 1/4/07, Eric wrote:
> >> Brett Davidson wrote:
> >> > Before I start, I'm familiar with IPTables from Linux but am wanting to
> >> > use FreeBSD as a firewalling router after seeing it in action on a
> >> > heavily-loaded webserver. I like the efficiency of the TCP stack.
> >> >
> >> > Upon reading the handbook I found that I can have my choice of three
> >> > firewalls; pf, iptables and ipfw.
> >> >
> > ...
> >> >
> >> > Against prudence, they wish to allow torrent connections to the inside
> >> > lan and ICQ connections to both the Inside LAN and the Wireless DMZ. The
> >> > torrent and ICQ connections will need to be bandwidth-managed so that is
> >> > a major consideration for the choice of which firewall to use. Is there
> >> > an equivalent to HTB on FreeBSD?
> >> >
> >> >
> >> I believe pf is the most modern and cleanest/easiest syntax to use. It
> >> is actively developed and lots of people use it. You can set up priority
> >> on bandwidth in pf as well, so it should meet all your requirements
> >> nicely.
> >
> > pf will also do the bandwidth management you want. I've used ipfw,
> > ipf, iptables, and pf; pf is by far the most powerful and easy to use.
> >
>
> I also heartily endorse the use of pf. However be aware that if you
> want to use the QoS and other bandwidth management features you will
> need to compile yourself a custom kernel with the appropriate ALTQ
> stuff turned on. Unfortunately ALTQ is not currently available as a
> loadable module. Compiling a new kernel is not particularly difficult
> though.
>
> Cheers,
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
>                                                   Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
>                                                   Kent, CT11 9PW
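
An added example, not part of the original thread: the kernel configuration lines that build pf with ALTQ, followed by a small pf.conf that places torrent and ICQ traffic in their own CBQ queues, as the thread's bandwidth-management requirement describes. The interface name, link bandwidth, queue names, percentages and port numbers are assumptions chosen for illustration.

```conf
# ---- custom kernel configuration file (added to a copy of GENERIC) ----
device  pf                # packet filter compiled into the kernel
device  pflog             # logging interface used by "log" rules
device  pfsync            # state table synchronisation interface

options ALTQ              # ALTQ framework; must be compiled in for queueing
options ALTQ_CBQ          # Class Based Queueing scheduler
options ALTQ_RED          # Random Early Detection
options ALTQ_RIO          # RED In/Out
options ALTQ_HFSC         # Hierarchical Fair Service Curve scheduler
options ALTQ_PRIQ         # Priority Queueing scheduler
options ALTQ_NOPCC        # required on SMP kernels

# ---- /etc/pf.conf (queueing section only) ----
ext_if = "em0"            # assumption: external interface name

# Assumption: 2 Mbit/s uplink, split into three CBQ classes.
altq on $ext_if cbq bandwidth 2Mb queue { q_std, q_p2p, q_icq }
queue q_std bandwidth 70% cbq(default borrow)   # everything not matched below
queue q_p2p bandwidth 20% cbq                   # no "borrow": held to its share
queue q_icq bandwidth 10% cbq(borrow)           # may use idle bandwidth

# Assumption: torrent clients on the classic 6881-6889 range, ICQ on 5190.
pass out on $ext_if proto tcp from any to any port 6881:6889 keep state queue q_p2p
pass out on $ext_if proto tcp from any to any port 5190 keep state queue q_icq
```

After booting the rebuilt kernel and loading the ruleset, `pfctl -s queue` lists the queues pf has attached to the interface.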