From: Eric
Date: Thu, 04 Jan 2007 15:51:34 -0600
To: Brett Davidson
Cc: questions@freebsd.org
Subject: Re: Advice on which FreeBSD firewall package to choose.
Message-ID: <459D76E6.2030904@mikestammer.com>
In-Reply-To: <60224D09909C0B43A50935A0893D8FF31DA2DC@srv.exchange.net24.net.nz>
References: <60224D09909C0B43A50935A0893D8FF31DA2DC@srv.exchange.net24.net.nz>

Brett Davidson wrote:
> Before I start, I'm familiar with IPTables from Linux but am wanting to
> use FreeBSD as a firewalling router after seeing it in action on a
> heavily-loaded webserver. I like the efficiency of the TCP stack.
>
> Upon reading the handbook I found that I can have my choice of three
> firewalls: pf, iptables and ipfw.
>
> What would be the most useful (and easiest) package to use given the
> following scenario:
>
> A FreeBSD router comprising four physical interfaces -
> Eth0 is the outside 10Mbyte/s cable connection to the Internet.
> Eth1 is a 100Mbit DMZ housing a webserver.
> Eth2 is a 100Mb DMZ housing a 802.11g Wireless Access Router.
> (My normal preference is to isolate Wireless LANs from physical
> LANs).
> Eth3 is the inside LAN.
>
> Software-based VPN connections out from both the Inside LAN and Wireless
> DMZ are required. (Allowing VPN tunnels through the firewall; not
> tunnels terminated at the firewall).
>
> Against prudence, they wish to allow torrent connections to the inside
> LAN and ICQ connections to both the Inside LAN and the Wireless DMZ. The
> torrent and ICQ connections will need to be bandwidth-managed so that is
> a major consideration for the choice of which firewall to use. Is there
> an equivalent to HTB on FreeBSD?
>
> I look forward to your answers...
>
> Regards,
> Brett.
>

I believe pf is the most modern and has the cleanest/easiest syntax to use. It is actively developed and lots of people use it.
You can set up priority on bandwidth in pf as well, so it should meet all your requirements nicely.
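A pf.conf sketch for the four-interface layout in Brett's question, added here as an illustration and not taken from Eric's reply or from any FreeBSD project file. It shows pf's ALTQ class-based queueing (CBQ), the closest counterpart to Linux HTB: child queues borrow unused bandwidth from the parent and a priority decides who is served first when the link saturates. The interface names (em0-em3), address ranges, the web and torrent host addresses and the 2Mb upstream rate are all assumptions; ALTQ is not in the GENERIC kernel and needs `options ALTQ` and `options ALTQ_CBQ` in the kernel configuration.

```pf
# Added example pf.conf for the router described in the question.
# Interface names, address ranges, host addresses and the 2Mb uplink
# rate are assumptions; adjust them to the real deployment.

ext_if  = "em0"               # Eth0: cable uplink
web_if  = "em1"               # Eth1: web server DMZ
wifi_if = "em2"               # Eth2: wireless DMZ
int_if  = "em3"               # Eth3: inside LAN

web_net      = "192.168.1.0/24"
wifi_net     = "192.168.2.0/24"
int_net      = "192.168.3.0/24"
web_srv      = "192.168.1.10"   # assumed web server address
torrent_host = "192.168.3.20"   # assumed inside host that seeds/leeches

torrent_ports = "6881:6889"   # conventional BitTorrent listening range
icq_port      = "5190"        # ICQ/AIM OSCAR

set skip on lo0
scrub in all

# Translation: inside LAN and wireless DMZ hide behind the uplink address;
# only the web ports and the torrent range are redirected inward.
nat on $ext_if from { $int_net, $wifi_net } to any -> ($ext_if)
rdr on $ext_if proto tcp from any to ($ext_if) port { 80, 443 } -> $web_srv
rdr on $ext_if proto tcp from any to ($ext_if) port $torrent_ports -> $torrent_host

# Upload shaping on the uplink. Set the parent to slightly below the real
# upstream rate so the queueing happens here and not in the cable modem.
altq on $ext_if cbq bandwidth 2Mb queue { q_pri, q_def, q_bulk }
queue q_pri  bandwidth 30% priority 7 cbq(borrow)          # VPN tunnels
queue q_def  bandwidth 50% priority 3 cbq(default borrow)  # everything else
queue q_bulk bandwidth 20% priority 1 cbq                  # torrent/ICQ: hard cap, no borrowing

# Downloads can only be shaped where they leave the box, i.e. on the
# inside interface, so incoming torrent traffic gets its own queue there.
altq on $int_if cbq bandwidth 100Mb queue { lan_def, lan_bulk }
queue lan_def  bandwidth 90% cbq(default)
queue lan_bulk bandwidth 10% cbq                           # cap on inbound torrent

# Filtering. pf uses last-match semantics, so the general rules come first
# and the specific (VPN, ICQ, torrent) rules below override them.
block log all
antispoof quick for { $web_if, $wifi_if, $int_if }

# Web DMZ: only the redirected ports reach the server.
pass in on $ext_if proto tcp from any to $web_srv port { 80, 443 } keep state

# Inside LAN may go anywhere except the wireless DMZ.
pass in on $int_if from $int_net to ! $wifi_net queue q_def keep state

# Wireless DMZ gets DNS and web, never the inside LAN.
pass in on $wifi_if proto { tcp, udp } from $wifi_net to ! $int_net port { 53, 80, 443 } queue q_def keep state

# VPN pass-through (IPsec ESP/IKE/NAT-T and PPTP) from both networks, tunnels terminate elsewhere.
pass in on { $int_if, $wifi_if } proto esp from { $int_net, $wifi_net } to any queue q_pri keep state
pass in on { $int_if, $wifi_if } proto udp from { $int_net, $wifi_net } to any port { 500, 4500 } queue q_pri keep state
pass in on { $int_if, $wifi_if } proto tcp from { $int_net, $wifi_net } to any port 1723 queue q_pri keep state
pass in on { $int_if, $wifi_if } proto gre from { $int_net, $wifi_net } to any queue q_pri keep state

# ICQ from both networks, throttled into the bulk queue.
pass in on { $int_if, $wifi_if } proto tcp from { $int_net, $wifi_net } to any port $icq_port queue q_bulk keep state

# Torrent: outbound peers throttled on the uplink, inbound peers capped on the LAN side.
pass in on $int_if proto { tcp, udp } from $int_net to any port $torrent_ports queue q_bulk keep state
pass in on $ext_if proto tcp from any to $torrent_host port $torrent_ports queue lan_bulk keep state
```

Load it with `pfctl -nf /etc/pf.conf` first (syntax check only), then `pfctl -f /etc/pf.conf`, and watch the queues with `pfctl -vsq`. The queue named on a rule is attached to the state, and each packet is placed in that queue on whichever interface it leaves through; if the egress interface has no queue of that name, the packet falls into that interface's default queue. That is why the upload and download caps use different queue names on different interfaces, and why only the wireless-to-inside isolation is done by omission: there is simply no pass rule for it, so `block log all` catches and logs it.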