From owner-freebsd-doc@FreeBSD.ORG Fri Dec 23 15:50:34 2005
Return-Path:
X-Original-To: freebsd-doc@FreeBSD.org
Delivered-To: freebsd-doc@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 567A516A41F
	for ; Fri, 23 Dec 2005 15:50:34 +0000 (GMT)
	(envelope-from keramida@ceid.upatras.gr)
Received: from aiolos.otenet.gr (aiolos.otenet.gr [195.170.0.93])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2017143D6B
	for ; Fri, 23 Dec 2005 15:50:28 +0000 (GMT)
	(envelope-from keramida@ceid.upatras.gr)
Received: from flame.pc (aris.bedc.ondsl.gr [62.103.39.226])
	by aiolos.otenet.gr (8.13.4/8.13.4/Debian-8) with SMTP id jBNFoJxk029379;
	Fri, 23 Dec 2005 17:50:19 +0200
Received: by flame.pc (Postfix, from userid 1001)
	id 18697116C5; Fri, 23 Dec 2005 16:28:10 +0200 (EET)
Date: Fri, 23 Dec 2005 16:28:10 +0200
From: Giorgos Keramidas
To: kirubiru
Message-ID: <20051223142809.GB56090@flame.pc>
References: <43AB738A.70702@hotpop.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <43AB738A.70702@hotpop.com>
Cc: freebsd-doc@FreeBSD.org
Subject: Re: handbook/firewalls-apps.html
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Documentation project
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 23 Dec 2005 15:50:34 -0000

On 2005-12-22 23:48, kirubiru wrote:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-apps.html
>
> "...different people have different requirements and preferences."
>
> How about giving some simple characteristic of each?
>
> PF is secure, IPFW is easy to administer, etc. Something to help me
> pick one. Bye all.

I don't think "more secure" is something we should easily write in an official document, like the Handbook. The three firewalls that work on FreeBSD now are equally 'secure' when it comes to blocking unwanted access.

Ease of administration is something extremely subjective too. Some may find IPFW easier to administer, because they have spent a lot of time reading the ipfw(8), natd(8) and dummynet(4) documentation, written thousands of lines of rules for dozens of machines using IPFW and DUMMYNET, etc. Others may tell you that PF is easier to administer, because they use it a lot and feel more comfortable with it. Then, some people, especially those who find themselves working with Solaris or other machines that support IPFILTER too, will tell you that IPFILTER is the one they feel more acquainted with.

It's all a matter of what features you need and what *you* feel nice working with, I guess.

- Giorgos