From owner-freebsd-questions@FreeBSD.ORG Fri Jan 5 01:04:54 2007 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id EC3F116A40F for ; Fri, 5 Jan 2007 01:04:54 +0000 (UTC) (envelope-from atom.powers@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.189]) by mx1.freebsd.org (Postfix) with ESMTP id 89C3D13C469 for ; Fri, 5 Jan 2007 01:04:54 +0000 (UTC) (envelope-from atom.powers@gmail.com) Received: by nf-out-0910.google.com with SMTP id x37so7667484nfc for ; Thu, 04 Jan 2007 17:04:53 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=cYs5dAazBnTx2iSPlG5XSr9GS1wrkHEoxWsaAScNJxftcrDe21EcAr1nTNJmkX8f1qRxTU0+uX1uJsgJghCS5j30H5LFqVvfX+dwTdll8Oik5Ul28lvLSFpniAn+jkFQQrYzAXtvEUhb8wivhjoUfhFYTHPX0ltP705SfI9EzrM= Received: by 10.49.42.5 with SMTP id u5mr28546228nfj.1167957448848; Thu, 04 Jan 2007 16:37:28 -0800 (PST) Received: by 10.49.63.12 with HTTP; Thu, 4 Jan 2007 16:37:28 -0800 (PST) Message-ID: Date: Thu, 4 Jan 2007 16:37:28 -0800 From: "Atom Powers" To: Eric In-Reply-To: <459D76E6.2030904@mikestammer.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <60224D09909C0B43A50935A0893D8FF31DA2DC@srv.exchange.net24.net.nz> <459D76E6.2030904@mikestammer.com> Cc: Brett Davidson , questions@freebsd.org Subject: Re: Advice on which FreeBSD firewall package to choose. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jan 2007 01:04:55 -0000 On 1/4/07, Eric wrote: > Brett Davidson wrote: > > Before I start, I'm familiar with IPTables from Linux but am wanting to > > use FreeBSD as a firewalling router after seeing it in action on a > > heavily-loaded webserver. I like the efficiency of the TCP stack. > > > > Upon reading the handbook I found that I can have my choice of three > > firewalls; pf, iptables and ipfw. > > ... > > > > Against prudence, they wish to allow torrent connections to the inside > > lan and ICQ connections to both the Inside LAN and the Wireless DMZ. The > > torrent and ICQ connections will need to be bandwidth-managed so that is > > a major consideration for the choice of which firewall to use. Is there > > an equivalent to HTB on FreeBSD? > > > > > i believe pf is the most modern and cleanest/easiest syntax to use. it > is actively developed and lots of people use it. You can set up priority > on bandwidth in pf as well, so it should meet all your requirements nicely. pf will also do the bandwidth management you want. I've used ipfw, ipf, iptables, and pf; pf is by far the most powerful and easy to use. -- -- Perfection is just a word I use occasionally with mustard. --Atom Powers--