From: Lucius Rizzo
Date: Tue, 20 May 2014 00:09:26 -0700
To: freebsd-stable@freebsd.org
Subject: What is your favourite/best firewall on FreeBSD and why?
Message-ID: <20140520070926.GA92183@The.ie>

I have been looking into articles comparing firewalls that come with FreeBSD. There isn't much recent info on the net. I am currently using FreeBSD 10 with IPFilter.

Firewalls are like MTA servers, I find. Each person has their own proclivities. I happened to have started with IPFilter with Solaris and throughout the Solaris years. Lately, on my Linux servers, I end up running ufw as a lazy man's iptables CLI frontend, which is easy enough.

Ultimately, outside of configuration differences, all firewalls essentially serve the same purpose, but I wonder: what is your favorite and why? If you were to run FreeBSD in production, which of the three would you choose? IPFilter, PF or IPFW?

Also, there is a lack of good, interesting rule sets in the BSD realm. With Linux, there was even an iptables rule set to prevent Heartbleed.
If you use any of the firewalls, and have interesting or even optimized rule sets, I would really like to see them :)

Regards,
--
Lucius.Tel