From: "Chad Albert"
To: "Khanh Cao Van", "freebsd-questions"
Date: Fri, 24 Jun 2005 15:09:11 -0500
Subject: RE: firewall on freebsd

I have been using ipfw for quite some time and I love it. The only issues I have with it are on the NAT side.
Without a tool to modify the current NAT rules, I cannot change them dynamically without editing my config file then doing something like...

    killall -9 natd ; sleep 2 ; /sbin/natd -f /etc/natd.conf &

to reinitialize it.

Also, natd is resource intensive. I have a PII 266 (not exactly a monster) and natd chews up 20-30 percent of my CPU during the day while NATing about 3Mb/sec of traffic.

I am planning on switching to pf and implementing a load-balanced pair of firewalls using carp and pfsync. I hope that using an in-kernel NAT will help performance and give me better control while adding/removing rules.

--
Chad

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Khanh Cao Van
Sent: Friday, June 24, 2005 8:33 AM
To: freebsd-questions
Subject: firewall on freebsd

I'm going to learn about the FreeBSD firewall. The handbook lists some of them and I could not find out which is the best. So I decided to post here, hoping to gain some of your opinions and experience. I would like to know which firewall is the most wanted? I have used Linux for several months and iptables was a good stateful firewall. What about in FreeBSD?

Thanks for reading :)

--
----------------------------------
Cao Van Khanh