Future of pf / firewall in FreeBSD ? - does it have one ?
Dan Busarow
dan at buildingonline.com
Fri Aug 1 13:08:29 UTC 2014
On 8/1/14, 1:39 AM, krad wrote:
> I always found natting in ipfw rather awkward and harder than in pf.
> Looking at the man page it doesn't seem to have changed. I should probably
> give it another go though as it has been about 10 years now.

Couldn't be much easier than the way it works now,
e.g.

firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="em0"
natd_flags="-s -m -u"

All of the built-in rulesets know about NAT.

My home network has two internal nets, each with its own wifi AP, and the
above handles it.

natd_interface is your outside-facing interface.

Dan
>
>
> On 31 July 2014 14:41, Gleb Smirnoff <glebius at freebsd.org> wrote:
>
>> On Thu, Jul 31, 2014 at 10:02:22PM +1000, Da Rock wrote:
>> D> Without diminishing your efforts so far, what do you think about
>> D> pitching all efforts into IPFW to combine effort and reduce overhead of
>> D> maintaining separate firewalls in the core? Is there an advantage to
>> D> having our own pf?
>>
>> Is there any disadvantage keeping it? It is a plugin. It is optional
>> and loadable. I removed most additions to the network stack that live
>> outside netpfil/pf.
>>
>> Some people like it and use it.
>>
>> It is also the only tool to configure ALTQ now.
>>
>> --
>> Totus tuus, Glebius.
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "
>> freebsd-questions-unsubscribe at freebsd.org"
>>
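
Added example, not part of the original post or of FreeBSD's own scripts: a POSIX shell check of an rc.conf-style file for the ipfw/natd settings quoted in Dan's message, flagging the cases where the gateway does NAT but filters nothing or never gets a divert rule. The function names (sample_rc_conf, rc_get, audit_nat_gateway) are hypothetical and the sample input is constructed from the quoted settings.

```sh
#!/bin/sh
# Added example (not from the post): audit an rc.conf-style file for the
# ipfw + natd gateway settings discussed above. Assumptions: only the named
# file is read (no /etc/defaults/rc.conf or rc.conf.local), and only the
# value YES is treated as "enabled".

# Constructed sample input: the five settings quoted in the post.
sample_rc_conf() {
    cat <<'EOF'
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="em0"
natd_flags="-s -m -u"
EOF
}

# rc_get VAR FILE: print the last value assigned to VAR (the last line wins).
rc_get() {
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_nat_gateway FILE: print one finding per line, return 1 if any.
audit_nat_gateway() {
    fw=$(rc_get firewall_enable "$1" | tr 'a-z' 'A-Z')
    fwtype=$(rc_get firewall_type "$1" | tr 'a-z' 'A-Z')
    natd=$(rc_get natd_enable "$1" | tr 'a-z' 'A-Z')
    natif=$(rc_get natd_interface "$1")
    rc=0
    if [ "$fw" != "YES" ]; then
        echo "firewall_enable is not YES: no ipfw ruleset is loaded at boot"
        rc=1
    fi
    if [ "$fwtype" = "OPEN" ]; then
        # The built-in "open" ruleset ends in a pass-all rule.
        echo "firewall_type=OPEN: ipfw passes all traffic, nothing is filtered"
        rc=1
    fi
    if [ "$natd" = "YES" ] && [ -z "$natif" ]; then
        # The built-in rulesets add the divert rule only when this is set.
        echo "natd_enable=YES without natd_interface: no divert rule is added"
        rc=1
    fi
    return $rc
}
```

Writing the sample to a file and passing it to audit_nat_gateway reports the OPEN ruleset and nothing else; the same file with one of the filtering built-in types, such as "simple", produces no findings.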