From: Ean Kingston
To: freebsd-questions@freebsd.org
Date: Fri, 24 Jun 2005 10:59:10 -0400
Subject: Re: firewall on freebsd

On June 24, 2005 09:33 am, Khanh Cao Van wrote:
> I'm going to learn about the FreeBSD firewall. In the handbook list
> some of them and I could not find out what is the best. So I decided
> to post here hoping to gain some of your opinion and experience.
> I would like to know what firewall was the most wanted? I have used
> Linux several months and IP tables was a good stateful firewall.
> What about in FreeBSD?

All three are well written and all three pretty much do the same thing. Some
things you may want to consider when choosing which firewall product to use:

IPFW is part of FreeBSD and only runs on FreeBSD. Filtering is implemented in
the kernel, NAT is a user-land daemon.

IPFilter is written to work with many operating systems (FreeBSD and Solaris
are two examples). Filtering and NAT both run in the kernel.

IPF was written for OpenBSD and later ported to FreeBSD. IPF came into
existence because of disagreements between certain members of the OpenBSD
team and the author of IPFilter. Filtering is done in the kernel and I believe
NAT is also in-kernel.

I have used both IPFW and IPFilter professionally. I prefer IPFW but only
because I am more used to its filtering language. I have not found a
sufficiently good technical reason for choosing one over the other.

For anyone who wants to start the in-kernel vs user-land NAT argument, I've
already been through it and there are valid arguments for both sides. So, I
won't get into it again.

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/

I am currently looking for work. If you need competent system/network
administration please feel free to contact me directly.