Date: Fri, 02 Jan 2015 13:08:21 -0500 From: Lowell Gilbert <freebsd-lists@be-well.ilk.org> To: Adrian Chadd <adrian@freebsd.org> Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org> Subject: Re: [FreeBSD 11 Wishlist] Replacing an OpenBSD Firewall Message-ID: <44387tcay2.fsf@be-well.ilk.org> In-Reply-To: <CAJ-VmokPepw8K7Cu1-z5YVRCETKPf28VXhGx8u2cD-23TAMnFA@mail.gmail.com> (Adrian Chadd's message of "Fri, 2 Jan 2015 08:53:34 -0800") References: <1419995051.3716640.208176841.1676669A@webmail.messagingengine.com> <1420213273.622796.208841861.04300699@webmail.messagingengine.com> <CAJ-VmokPepw8K7Cu1-z5YVRCETKPf28VXhGx8u2cD-23TAMnFA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Adrian Chadd <adrian@freebsd.org> writes: > On 2 January 2015 at 07:41, Mark Felder <feld@freebsd.org> wrote: >> I've been encouraged to use ipfw and dummynet, but converting my >> firewall rules again is not something I'm enthusiastic about. I'll note >> that FreeBSD is often praised for including pf while ipfw is completely >> overlooked; our own Handbook even puts pf before ipfw. That certainly >> sends a message that we may not be intending to send and should be >> considered carefully. > > Well, I bet the handbook updates were written by a pf-loving person. :) I just took a quick look at that Handbook chapter (for the first time in quite a few years), and I didn't notice anything I'd consider a problem. All three firewalls are mentioned and (*very* lightly) compared in the Synopsis that begins the chapter. pf does come before ipfw, but *something* has to come first; it's not like anyone would go for a suggestion like periodically re-ordering the sections...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44387tcay2.fsf>