What is your favourite/best firewall on FreeBSD and why?
k simon
chio1990 at gmail.com
Wed May 21 09:20:17 UTC 2014
于 14-5-21 16:35, Rolf Nielsen 写道:
> IPFW for me too.
IPFW +1. Though it does not support nat pool until now:), and I never
used it for "keep-states".
PF is easy used, but it is hard to master for me. It's check packet
sequnce too strict and prevnt reuse src port in extreme load if you does
not be expert in adjust the timeouts. But pf's "scrub" and "reply-to" is
amazing, and syntax is easy to understand.
Pfsync+pfflowd is a good idea to implement netflow/ipfix probe. I think
it's have low overhead and better performance than ng_netflow because
you can install a pfflowd instance on a different box. But pfflowd is
outdated since FB 9 released.
Regards
Simon
More information about the freebsd-stable
mailing list