Firewall
Peter Jeremy
peterjeremy at optushome.com.au
Sun Apr 29 11:28:40 UTC 2007
On 2007-Apr-28 07:08:18 -0500, Jack Barnett <jackbarnett at gmail.com> wrote:
>I plan on using NAT so both internal networks can get to the internets.
>
>In the FreeBSD documentation I see there are 3 firewalls, IPFIREWALL,
>IPFILTER and PF (BF?). I just need to do basic filtering and just a few
>port forwards. Nothing to fancy. Which one would be recommended?
Basically any of them will do what you want. The major differences are:
- IPFW (IPFIREWALL) is FreeBSD only. Note that the NAT is in userland.
- IPfilter is the most portable.
- PF runs on *BSD. Note that (AFAIK) all proxies (eg FTP) are in userland.
Userland NAT or proxies incur significantly higher overheads than
in-kernel equivalents (because the packets have to cross the
kernel/userland barrier twice). This may be an issue if you have a
very fast Internet connection and an underpowered firewall.
--
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20070429/5b5de3f5/attachment.pgp
More information about the freebsd-net
mailing list