What is your favourite/best firewall on FreeBSD and why?

Lucius Rizzo Lucius.Rizzo at The.ie
Mon May 26 10:08:10 UTC 2014


* Darren Pilgrim <list_freebsd at bluerosetech.com> [2014-05-24 12:12]:
> On 5/20/2014 12:09 AM, Lucius Rizzo wrote:
> > I have been looking into articles comparing firewalls that come with
> > FreeBSD. There isn't much recent info on the net. I am currently using
> > FreeBSD 10 with IPFilter.
> >
> > Firewalls are like MTA servers I find. Each person has their own
> > proclivities. I happened to have started with IPFilter with Solaris and
> > throughout Solaris years. Lately, on my Linux servers, I end up running
> > ufw as a lazy man's iptables cli frontend which is easy enough.
> >
> > Ultimately, outside configuration differences all firewalls essentially
> > serve the same purpose but I wonder what is your favorite and why? If
> > you were to run FreeBSD in production, which of the three would you
> > choose? IPFilter, PF or IPFW?
> 
> I use ipfw on servers and end devices when I need a mitigation-oriented 
> firewall.  It makes simple work of putting up notch filters, but its 
> syntax gets a bit ugly if you're doing up a router configuration.
> 
> I build routers from pf on OpenBSD and Intel hardware.  $1k of PC and I 
> can shove gigabits through full BGP tables and big sets of ACLs all day 
> long.  Something comparable from Cisco would have a five- or six-digit 
> price tag and leave you unsatisfied.  For lighter workloads, Ubiquiti's 
> EdgeRouter family is lovely and it gets you the benefit of a well-known 
> interface if you're handing off the admin hat.  I abandon FreeBSD in 
> this use case--ipfw syntax isn't clean enough and pf's IPv6 support is 
> broken.
> 
> I haven't touched ipf in over a decade and don't miss it at all.

Does anyone know what happened to Darren Reed from ipfilter? Last
I checked, he had moved to Asia and was working under the Oracle
umbrella...

IPFilter page is now a redirect to ANU's main site. Pity.

-- 

|     _o    _ |_)o_ _  _  
|_|_|(_||_|_> | \|/_/_(_) - Lucius.Tel
--------------------------------------
++ Success is relative: It is what we can make of the mess we have ++
++ made of things. ++
++               		-- T. S. Eliot, "The Family Reunion" ++


More information about the freebsd-stable mailing list