From: "Michael H. Semcheski"
To: freebsd-questions@freebsd.org
Date: Fri, 24 Jun 2005 11:11:13 -0400
Subject: Re: firewall on freebsd
Message-Id: <200506241111.13244.lists@immuneit.com>
In-Reply-To: <200506241059.11035.ean@hedron.org>
References: <5fd642fc05062406331e283ffe@mail.gmail.com> <200506241059.11035.ean@hedron.org>

On Friday 24 June 2005 10:59 am, Ean Kingston wrote:
> IPF was written for OpenBSD and later ported to FreeBSD. IPF came into
> existence because of disagreements between certain members of the OpenBSD
> team and the author of IPFilter. Filtering is done in the kernel and I
> believe NAT is also in-kernel.
The OpenBSD packet filter is known as pf, not ipf. It exists in FreeBSD as pf.

I have to say that I find it has some very useful features, though they are outside the mainstream firewall feature set. For instance, authpf. When you log into the firewall (usually via ssh), if the account's login shell is authpf, a special set of firewall rules gets loaded for the IP address the client is connecting from.

I have used pf and ipfw, and they're both fine. If I had to pick, I'd choose pf because I like that it uses a separate configuration file, rather than a shell script to load its rules. I'm not an expert on either.

Mike
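As an added illustration that is not part of Mike's post or the thread, this is what the authpf arrangement he describes looks like in configuration: the host-wide pf.conf hands per-session rules to the authpf anchors, and authpf.rules is loaded with $user_ip bound to the address the ssh client connected from. Interface names, the sample network and the user name "mike" are assumptions.

```conf
# --- /etc/pf.conf (host-wide ruleset; interface names are assumed) ---
ext_if = "em0"
int_if = "em1"
internal_net = "192.0.2.0/24"        # constructed sample network

# Current authpf(8) adds each authenticated client's address to this table
table <authpf_users> persist

# authpf loads the per-session rules into these anchors and removes
# them again when the ssh session ends
nat-anchor "authpf/*"
rdr-anchor "authpf/*"
binat-anchor "authpf/*"
anchor "authpf/*"

# Default deny; unauthenticated clients only get to reach sshd on the firewall
block in log all
pass in on $int_if proto tcp from $internal_net to ($int_if) port ssh keep state
pass out on $ext_if keep state

# --- /etc/authpf/authpf.rules (loaded for every authenticated client) ---
# $user_ip, $user_id and $user_name are set by authpf. Other macros are
# NOT inherited from pf.conf, so interface names must be repeated here.
ext_if = "em0"
int_if = "em1"
pass in quick on $int_if from $user_ip to any keep state
# Per-user overrides go in /etc/authpf/users/<name>/authpf.rules instead.

# --- /etc/authpf/authpf.allow (users permitted to authenticate via authpf) ---
mike

# /etc/authpf/authpf.conf must exist, even if it is empty.

# --- account setup (run as root) ---
# echo /usr/sbin/authpf >> /etc/shells
# pw usermod mike -s /usr/sbin/authpf
# In sshd_config, ClientAliveInterval/ClientAliveCountMax make sshd drop
# dead sessions promptly, so stale rules do not linger for a lost client.
```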