Date:      Fri, 24 Jun 2005 10:59:10 -0400
From:      Ean Kingston <ean@hedron.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: firewall on freebsd
Message-ID:  <200506241059.11035.ean@hedron.org>
In-Reply-To: <5fd642fc05062406331e283ffe@mail.gmail.com>
References:  <5fd642fc05062406331e283ffe@mail.gmail.com>

On June 24, 2005 09:33 am, Khanh Cao Van wrote:
> I'm going to learn about the FreeBSD firewall. The handbook lists
> some of them and I could not find out what is the best. So I decided
> to post here hoping to gain some of your opinion and experience.
> I would like to know what firewall was the most wanted? I have used
> Linux for several months and IP tables was a good stateful firewall.
> What about in FreeBSD?

All three are well written and all three pretty much do the same thing. Some 
things you may want to consider when choosing which firewall product to use:

IPFW is part of FreeBSD and only runs on FreeBSD.  Filtering is implemented in 
the kernel, NAT is a user-land daemon.

IPFilter is written to work with many operating systems (FreeBSD and Solaris 
are two examples). Filtering and NAT both run in the kernel.

IPF was written for OpenBSD and later ported to FreeBSD. IPF came into 
existence because of disagreements between certain members of the OpenBSD 
team and the author of IPFilter. Filtering is done in the kernel and I 
believe NAT is also in-kernel.

I have used both IPFW and IPFilter professionally. I prefer IPFW but only 
because I am more used to its filtering language. I have not found a 
sufficiently good technical reason for choosing one over the other.

For anyone who wants to start the in-kernel vs user-land NAT argument, I've 
already been through it and there are valid arguments for both sides. So, I 
won't get into it again.

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.


