Future of pf / firewall in FreeBSD ? - does it have one ?

Dan Busarow dan at buildingonline.com
Fri Aug 1 13:08:29 UTC 2014


On 8/1/14, 1:39 AM, krad wrote:
> I always found natting in ipfw rather awkward and harder than in pf.
> Looking at the man page it doesnt seem to have changed. I should probably
> give it another go though as it has been about 10 years now

Couldn't be much easier than the way it works now

e.g.

firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="em0"
natd_flags="-s -m -u"

All of the builtin rulesets know about NAT

My home network has two internal nets each with it's own wifi AP and the 
above handles it.

natd_interface is your outside facing interface.

Dan



>
>
> On 31 July 2014 14:41, Gleb Smirnoff <glebius at freebsd.org> wrote:
>
>> On Thu, Jul 31, 2014 at 10:02:22PM +1000, Da Rock wrote:
>> D> Without diminishing your efforts so far, what do you think about
>> D> pitching all efforts into IPFW to combine effort and reduce overhead of
>> D> maintaining separate firewalls in the core? Is there an advantage to
>> D> having our own pf?
>>
>> Is there any disadvantage keeping it? It is a plugin. It is optional
>> and loadable. I removed most additions to the network stack that live
>> outside netpfil/pf.
>>
>> Some people like it and use it.
>>
>> It is also the only tool to configure ALTQ now.
>>
>> --
>> Totus tuus, Glebius.
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "
>> freebsd-questions-unsubscribe at freebsd.org"
>>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>


More information about the freebsd-questions mailing list