Date: Sun, 29 Apr 2007 21:28:38 +1000
From: Peter Jeremy <peterjeremy@optushome.com.au>
To: Jack Barnett <jackbarnett@gmail.com>
Cc: freebsd-net@freebsd.org
Subject: Re: Firewall
Message-ID: <20070429112838.GH848@turion.vk2pj.dyndns.org>
In-Reply-To: <dedb607c0704280508nf2c071dh2f76967999f68696@mail.gmail.com>
References: <dedb607c0704280508nf2c071dh2f76967999f68696@mail.gmail.com>

On 2007-Apr-28 07:08:18 -0500, Jack Barnett <jackbarnett@gmail.com> wrote:
>I plan on using NAT so both internal networks can get to the internets.
>
>In the FreeBSD documentation I see there are 3 firewalls, IPFIREWALL,
>IPFILTER and PF (BF?). I just need to do basic filtering and just a few
>port forwards. Nothing too fancy. Which one would be recommended?

Basically any of them will do what you want. The major differences are:
- IPFW (IPFIREWALL) is FreeBSD only. Note that the NAT is in userland.
- IPfilter is the most portable.
- PF runs on *BSD. Note that (AFAIK) all proxies (eg FTP) are in userland.

Userland NAT or proxies incur significantly higher overheads than
in-kernel equivalents (because the packets have to cross the
kernel/userland barrier twice). This may be an issue if you have a
very fast Internet connection and an underpowered firewall.

-- 
Peter Jeremy