Date: Sun, 29 Apr 2007 12:23:28 -0700
From: Julian Elischer <julian@elischer.org>
To: Peter Jeremy <peterjeremy@optushome.com.au>
Cc: Jack Barnett <jackbarnett@gmail.com>, freebsd-net@freebsd.org
Subject: Re: Firewall
Message-ID: <4634F0B0.5060007@elischer.org>
In-Reply-To: <20070429112838.GH848@turion.vk2pj.dyndns.org>
References: <dedb607c0704280508nf2c071dh2f76967999f68696@mail.gmail.com> <20070429112838.GH848@turion.vk2pj.dyndns.org>

Peter Jeremy wrote:
> On 2007-Apr-28 07:08:18 -0500, Jack Barnett <jackbarnett@gmail.com> wrote:
>> I plan on using NAT so both internal networks can get to the internets.
>>
>> In the FreeBSD documentation I see there are 3 firewalls, IPFIREWALL,
>> IPFILTER and PF (BF?). I just need to do basic filtering and just a few
>> port forwards. Nothing too fancy. Which one would be recommended?
>
> Basically any of them will do what you want. The major differences are:
> - IPFW (IPFIREWALL) is FreeBSD only. Note that the NAT is in userland.

though that is just fine for your average DSL link.. it is in kernel in 7.0

> - IPfilter is the most portable.
> - PF runs on *BSD. Note that (AFAIK) all proxies (eg FTP) are in userland.
>
> Userland NAT or proxies incur significantly higher overheads than
> in-kernel equivalents (because the packets have to cross the
> kernel/userland barrier twice). This may be an issue if you have a
> very fast Internet connection and an underpowered firewall.
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4634F0B0.5060007>