From nobody Sun Apr 09 17:06:25 2023 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Pvdmr0B5rz44j5X; Sun, 9 Apr 2023 17:06:36 +0000 (UTC) (envelope-from possessor.assizer305@aceecat.org) Received: from beesty.loosely.org (beesty.loosely.org [IPv6:2600:3c01:e000:4c0::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Pvdmp3pq5z3yfH; Sun, 9 Apr 2023 17:06:34 +0000 (UTC) (envelope-from possessor.assizer305@aceecat.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=aceecat.org header.s=rsa header.b=Innm9Vlt; spf=pass (mx1.freebsd.org: domain of possessor.assizer305@aceecat.org designates 2600:3c01:e000:4c0::2 as permitted sender) smtp.mailfrom=possessor.assizer305@aceecat.org; dmarc=none DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=aceecat.org ; s=rsa; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:To:From:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=wvVaUrjaBa4ZaYYCUpLBIxNVgfmvyeR7MYCWpugTu6E=; b=Innm9VltaG6VcuikPe9Tv4xOn6 LWZU/lMiBHSB3iwLREGj5BU35GJBY95tzdZt6Tfk2EwAeU6VNyHtlmvDxudrJGvrCcJTDTmDBrdeu VCp/Ez2P1uodTEyyENU4GAWEEC0kz6pHuKKqNvKhPZKYCpTiCXOMPP2bZNc3Q0ecE3mjrKctL8mCs jgwpYza8QPD4ykGIwDAdMmvWFmUn0y/64LhmI9NgfdVZRIG/0+QsGCvKu/mu9SugZDPYMOZNTRYSf k8nAQbPVFVr+pyG/ZDL8Bb7lk03iVHi3myVm3dcB3nZbpG1aptpptDRzdD3NvrMmSnvLXiM7I5Kwh qUuEpF4g==; Received: from [::1] (port=45966 helo=beesty ident=itz) by beesty.loosely.org with esmtp (Exim 4.96-10-06ec9c57f) (envelope-from ) id 1plYUj-0002Qg-2w; Sun, 09 Apr 2023 10:06:25 -0700 Date: Sun, 9 Apr 2023 10:06:25 -0700 From: possessor.assizer305@aceecat.org To: questions@freebsd.org, freebsd-questions@freebsd.org Subject: Re: FreeBSD Comparable Technologies Message-ID: <20230409170625.rtarpa2rlwrtvkb2@beesty> Mail-Followup-To: questions@freebsd.org, freebsd-questions@freebsd.org References: List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spamd-Result: default: False [-2.98 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.98)[-0.981]; MID_RHS_NOT_FQDN(0.50)[]; R_SPF_ALLOW(-0.20)[+mx]; R_DKIM_ALLOW(-0.20)[aceecat.org:s=rsa]; MIME_GOOD(-0.10)[text/plain]; MLMMJ_DEST(0.00)[questions@freebsd.org,freebsd-questions@freebsd.org]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; ASN(0.00)[asn:63949, ipnet:2600:3c01::/32, country:SG]; ARC_NA(0.00)[]; DKIM_TRACE(0.00)[aceecat.org:+]; RCPT_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_NO_DN(0.00)[]; TO_DN_NONE(0.00)[]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[aceecat.org]; RCVD_COUNT_TWO(0.00)[2] X-Rspamd-Queue-Id: 4Pvdmp3pq5z3yfH X-Spamd-Bar: -- X-ThisMailContainsUnwantedMimeParts: N On Sun, Apr 09, 2023 at 03:25:21AM -0700, louise9841@gmail.com wrote: > Hello, I am new to FreeBSD in terms of using it as a home > router/firewall. Im trying to implement the FreeBSD equivalent or > similar way of doing things like I did on my Linux Router. Are there > are equivalent ways/programs for the following: > 1. Reverse Path Filter (Like on Linux). > 2. Protection against DHCP Starvation attacks. > 3. DHCP Snooping > 4. Reply-Only ARP system with features like(automatically adding > arps for leases) that keep people from setting a static ip on the > network and bypassing the queueing done by pf. As you can see from this thread https://lists.freebsd.org/archives/freebsd-questions/2023-February/002819.html there are some major high level differences between the two kernels when it comes to IP routing, and that may make finding exact analogues of the Linux firewall features hard or impossible. Or maybe not - I hope not. -- Ian