Date: Wed, 21 May 2014 17:20:11 +0800
From: k simon <chio1990@gmail.com>
To: freebsd-stable@freebsd.org
Subject: Re: What is your favourite/best firewall on FreeBSD and why?
Message-ID: <537C6FCB.8060600@gmail.com>
In-Reply-To: <537C654B.1010205@gmail.com>
References: <20140520070926.GA92183@The.ie> <4341ADF1-E684-4531-8DD0-10107E097D68@punkt.de> <CAPS9%2BSs0=wkBuNO4=H3Gt7mVor9hVpN4f_EVQ_Ywga_Z1c2UaA@mail.gmail.com> <537C654B.1010205@gmail.com>

On 14-5-21 16:35, Rolf Nielsen wrote:
> IPFW for me too.

IPFW +1, though it does not support NAT pools so far :), and I have never used it for "keep-states".

PF is easy to use, but it is hard for me to master. Its packet sequence checking is too strict, and it prevents reuse of source ports under extreme load if you are not an expert in adjusting the timeouts. But pf's "scrub" and "reply-to" are amazing, and the syntax is easy to understand.

Pfsync+pfflowd is a good idea for implementing a netflow/ipfix probe. I think it has low overhead and better performance than ng_netflow because you can install a pfflowd instance on a different box. But pfflowd has been outdated since FB 9 was released.

Regards
Simon