Date: Mon, 26 May 2014 03:07:49 -0700
From: Lucius Rizzo <Lucius.Rizzo@The.ie>
To: freebsd-stable@freebsd.org
Subject: Re: What is your favourite/best firewall on FreeBSD and why?
Message-ID: <20140526100749.GA83229@The.ie>
In-Reply-To: <5380EF14.60202@bluerosetech.com>
References: <20140520070926.GA92183@The.ie> <5380EF14.60202@bluerosetech.com>

* Darren Pilgrim <list_freebsd@bluerosetech.com> [2014-05-24 12:12]:
> On 5/20/2014 12:09 AM, Lucius Rizzo wrote:
> > I have been looking into articles comparing firewalls that come with
> > FreeBSD. There isn't much recent info on the net. I am currently using
> > FreeBSD 10 with IPFilter.
> >
> > Firewalls are like MTA servers I find. Each person has their own
> > proclivities. I happened to have started with IPFilter with Solaris and
> > throughout Solaris years. Lately, on my Linux servers, I end up running
> > ufw as lazy man's iptables cli frontend which is easy enough.
> >
> > Ultimately, outside configuration differences all firewalls essentially
> > serve the same purpose but I wonder what is your favorite and why? If
> > you were to run FreeBSD in production, which of the three would you
> > choose? IPFilter, PF or IPFW?
>
> I use ipfw on servers and end devices when I need a mitigation-oriented
> firewall. It makes simple work of putting up notch filters, but its
> syntax gets a bit ugly if you're doing up a router configuration.
>
> I build routers from pf on OpenBSD and Intel hardware. $1k of PC and I
> can shove gigabits through full BGP tables and big sets of ACLs all day
> long. Something comparable from Cisco would have a five- or six-digit
> price tag and leave you unsatisfied. For lighter workloads, Ubiquiti's
> EdgeRouter family is lovely and it gets you the benefit of a well-known
> interface if you're handing off the admin hat. I abandon FreeBSD in
> this use case--ipfw syntax isn't clean enough and pf's IPv6 support is
> broken.
>
> I haven't touched ipf in over a decade and don't miss it at all.

Does anyone know what happened to Darren Reed from ipfilter? Last I
checked, he had moved to Asia and was working under the Oracle umbrella...
IPFilter page is now a redirect to ANU's main site. Pity.

-- 
Lucius.Tel

++ Success is relative: It is what we can make of the mess we have ++
++ made of things.                                                 ++
++                        -- T. S. Eliot, "The Family Reunion"     ++