From owner-freebsd-net@FreeBSD.ORG  Sat Apr 28 12:38:48 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id BA50216A400
	for <freebsd-net@freebsd.org>; Sat, 28 Apr 2007 12:38:48 +0000 (UTC)
	(envelope-from tom@tomjudge.com)
Received: from smtp808.mail.ird.yahoo.com (smtp808.mail.ird.yahoo.com
	[217.146.188.68])
	by mx1.freebsd.org (Postfix) with SMTP id 1985513C45B
	for <freebsd-net@freebsd.org>; Sat, 28 Apr 2007 12:38:47 +0000 (UTC)
	(envelope-from tom@tomjudge.com)
Received: (qmail 61160 invoked from network); 28 Apr 2007 12:38:47 -0000
Received: from unknown (HELO ?192.168.1.2?)
	(thomasjudge@btinternet.com@86.140.150.175 with plain)
	by smtp808.mail.ird.yahoo.com with SMTP; 28 Apr 2007 12:38:46 -0000
X-YMail-OSG: hyxrBkIVM1kGPbs_PkcmfPFcGSApaTYBfb8BkcuEHPm9Uy3W1WerXb6ziLgmsOdb45sqmbrLgIEUgOkMweTVl_E-
Message-ID: <4633413B.200@tomjudge.com>
Date: Sat, 28 Apr 2007 13:42:35 +0100
From: Tom Judge <tom@tomjudge.com>
User-Agent: Thunderbird 1.5.0.10 (X11/20070306)
MIME-Version: 1.0
To: Jack Barnett <jackbarnett@gmail.com>
References: <dedb607c0704280508nf2c071dh2f76967999f68696@mail.gmail.com>
In-Reply-To: <dedb607c0704280508nf2c071dh2f76967999f68696@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
Subject: Re: Firewall
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Apr 2007 12:38:48 -0000

Jack Barnett wrote:
> Hi,
> 
> I'm running FreeBSD 6.2 and setting it up as a network router/firewall.
> 
> It has 3 nics, two of internal network (one is wireless, other is LAN) and
> third is to the internets.
> 
> I plan on using NAT so both internal networks can get to the internets.
> 
> In the FreeBSD documentation I see there are 3 firewalls, IPFIREWALL,
> IPFILTER and PF (BF?).   I just need to do basic filtering and just a few
> port forwards.  Nothing to fancy.  Which one would be recommended?
> 
> Also some time ago, I seen that there was a graphical tool for doing
> firewall rules and would output into different formats.  Anyone know what
> that tools is called? (ie. just a little app that outputs a text file
> depending on what firewall you select as the option).
> 
> Thanks!

The graphical tool you are thinking of is probably Firewall Builder 
(http://www.fwbuilder.org),  it is also in ports (security/fwbuilder). 
Firewall builder will 'compile'/generate rules for any of the FreeBSD 
firewalls you mentioned.  Personally I would use PF but I guess there 
are arguments for using each one in different scenario's.

Tom