From owner-freebsd-questions@FreeBSD.ORG  Sat Oct 31 11:09:12 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DC6541065693
	for <freebsd-questions@freebsd.org>;
	Sat, 31 Oct 2009 11:09:12 +0000 (UTC)
	(envelope-from guy@posteurs.com)
Received: from kim.posteurs.com (kim.posteurs.com [91.121.169.122])
	by mx1.freebsd.org (Postfix) with ESMTP id A07AA8FC15
	for <freebsd-questions@freebsd.org>;
	Sat, 31 Oct 2009 11:09:12 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by kim.posteurs.com (Postfix) with ESMTP id 2142F2B019
	for <freebsd-questions@freebsd.org>;
	Sat, 31 Oct 2009 11:37:57 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at kim.posteurs.com
Received: from kim.posteurs.com ([127.0.0.1])
	by localhost (kim.posteurs.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id H-mc8IO+Z4Iq for <freebsd-questions@freebsd.org>;
	Sat, 31 Oct 2009 11:37:42 +0100 (CET)
Received: from [192.168.1.10] (guy.posteurs.com [88.161.152.179])
	(Authenticated sender: guy@posteurs.com)
	by kim.posteurs.com (Postfix) with ESMTPSA id BAFF22AFC6
	for <freebsd-questions@freebsd.org>;
	Sat, 31 Oct 2009 11:37:42 +0100 (CET)
Message-ID: <4AEC1729.6000307@posteurs.com>
Date: Sat, 31 Oct 2009 11:53:29 +0100
From: Guy Marcenac <guy@posteurs.com>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: best way to install/update software and firewall choice
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Oct 2009 11:09:12 -0000

Hi,

I am an old debian user and I am looking at freebsd for security reasons
* I am very interested in the jail concept
* I have to relearn iptables syntax each time I want to add a rule

I am testing the system in vmware virtual machine.

There is a point I don't fully understand. There are several ways of 
updating the system, from precompiled binaries or by recompiling the 
system and the ports (and using csup, portsnap, portupgrade ...).
I would prefer to use the first way because it is really faster, but it 
seems to me that when I want to update my jails, there is no other easy 
way than recompiling the whole world into my jails.

The other point a bit confusing is that I dont know which firewall to 
use. My first guess would be to use pf, because it exists also on 
openbsd, but it seems that the default would go to ipfw.

Thanks to support a newby

-- 
Guy