Date: Tue, 22 Jul 2014 13:02:26 +0800 From: "bycn82" <bycn82@gmail.com> To: "'Allan Jude'" <allanjude@freebsd.org>, <freebsd-current@freebsd.org> Subject: RE: Future of pf / firewall in FreeBSD ? - does it have one ? Message-ID: <002e01cfa56a$23ef3770$6bcda650$@gmail.com> In-Reply-To: <53CD9E79.2060201@freebsd.org> References: <CAPS9%2BStPJRVSFLjpxgVEewT9fwHHFxw=qODAYa=uOAzb-V=v2Q@mail.gmail.com> <20140721.074105.74747815.sthaug@nethelp.no> <CAPS9%2BSsSmxZnTF8AEmEmWtGOd_8A%2Bd_8cYUYhuC3OsLYFxGHGQ@mail.gmail.com> <20140721.085616.74744313.sthaug@nethelp.no> <CAPS9%2BSsCQr1ME8gX7%2Bh_8s_1wwC3kg-9=_JhynJZ8pM6e5-qYw@mail.gmail.com> <002601cfa4eb$b4554270$1cffc750$@gmail.com> <53CD9E79.2060201@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
i thought the nat in ipfw is as elegant as in iptables :) but it is good to know that because different opinion actually is a = chance to improve. and why not share with us why the ipfw nat is cumbersome or how to be = not cumbersome. > -----Original Message----- > From: owner-freebsd-current@freebsd.org [mailto:owner-freebsd- > current@freebsd.org] On Behalf Of Allan Jude > Sent: 22 July, 2014 7:13 > To: freebsd-current@freebsd.org > Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ? >=20 > On 2014-07-21 09:57, bycn82 wrote: > > There is no doubt that PF is a really good firewall, But we should > noticed that there is an ipfw which is originally from FreeBSD while = PF > is from OpenBSD. > > > > If there is a requirement that PF can meet but ipfw cannot, then I > think it is better to improve the ipfw. But if you just like the PF > style, then I think choose OpenBSD is the better solution. Actually > OpenBSD is another really good operating system. > > > > Like myself, I like CentOS and ipfw, so no choice :) > > > > >=20 > The only thing I've really found lacking in IPFW is the NAT > implementation. Specifically, when trying to do port-forwarding. All = of > the rules have to go in the single 'ipfw nat' rule, and it makes it > cumbersome to manage. >=20 >=20 > -- > Allan Jude
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002e01cfa56a$23ef3770$6bcda650$>