From owner-freebsd-questions@FreeBSD.ORG  Fri Jun 24 15:20:23 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C5BCE16A420
	for <freebsd-questions@freebsd.org>;
	Fri, 24 Jun 2005 15:20:23 +0000 (GMT)
	(envelope-from lists@immuneit.com)
Received: from web1.nidhog.com (web1.nidhog.com [66.207.132.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 80C5743D49
	for <freebsd-questions@freebsd.org>;
	Fri, 24 Jun 2005 15:20:23 +0000 (GMT)
	(envelope-from lists@immuneit.com)
Received: from blacksea.nedyah.org (semcheski.squirrelhill.nidhog.net
	[66.207.143.104]) (authenticated bits=0)
	by web1.nidhog.com (8.13.1/8.13.1) with ESMTP id j5OFKGWq043802
	for <freebsd-questions@freebsd.org>;
	Fri, 24 Jun 2005 11:20:24 -0400 (EDT)
	(envelope-from lists@immuneit.com)
From: "Michael H. Semcheski" <lists@immuneit.com>
To: freebsd-questions@freebsd.org
Date: Fri, 24 Jun 2005 11:11:13 -0400
User-Agent: KMail/1.8
References: <5fd642fc05062406331e283ffe@mail.gmail.com>
	<200506241059.11035.ean@hedron.org>
In-Reply-To: <200506241059.11035.ean@hedron.org>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200506241111.13244.lists@immuneit.com>
X-Greylist: Recipient e-mail whitelisted, not delayed by milter-greylist-1.5.6
	(web1.nidhog.com [66.207.132.2]);
	Fri, 24 Jun 2005 11:20:24 -0400 (EDT)
Subject: Re: firewall on freebsd
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jun 2005 15:20:23 -0000

On Friday 24 June 2005 10:59 am, Ean Kingston wrote:
> IPF was written for OpenBSD and later ported to FreeBSD. IPF came into
> existence because of disagreements between certain members of the OpenBSD
> team and the author of IPFilter. Filtering is done in the kernel and I
> believe NAT is also in-kernel.

The OpenBSD packet filter is known as pf, not ipf.  It exists in FreeBSD as 
pf.

I have to say that I find it has some very useful features, though they are 
outside the mainstream firewall feature set.  For instance, authpf.  When you 
log into the firewall (usually via ssh), if the account's login type shell is 
authpf, a special set of firewall rules get loaded for the IP address the 
client is connecting from.

I have used pf and ipfw, and they're both fine.  If I had to pick, I'd choose 
pf because I like that it uses a seperate configuration file, rather than a 
shell script to load its rules.

I'm not an expert on either.

Mike