Date: Fri, 24 Jun 2005 23:56:14 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: fbsd_user <fbsd_user@a1poweruser.com>, Khanh Cao Van <cvkhanh@gmail.com>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: firewall on FreeBSD
Message-ID: <20050624205614.GB1055@gothmog.gr>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGMEIMHHAA.fbsd_user@a1poweruser.com>
References: <5fd642fc05062406331e283ffe@mail.gmail.com> <MIEPLLIBMLEEABPDBIEGMEIMHHAA.fbsd_user@a1poweruser.com>
On 2005-06-24 10:31, fbsd_user <fbsd_user@a1poweruser.com> wrote:
> Which firewall you select to use should be based on your level of
> understanding of how information is moved across the internet.
>
> Ipfilter is best suited for people who are just learning about
> firewalling. PF is a little more automated and the rules are very
> close to IPF's.

True.

> IPFW is for the advanced firewall users who have expert understanding
> of the internet.

Blatantly false.

> All 3 firewalls support stateful rules and are available in the 5.4
> release. Best advice is start with Ipfilter and when you find out that
> you have needs which are not met by Ipfilter then move over to IPFW.

IPFW or PF is fine for starting too. The choice of the "best" firewall
is, these days, more often than not an issue of which one matches the
specific application and the taste of the one who is going to set it up,
i.e.

* DUMMYNET is a very nice bandwidth limiting & shaping tool, which
  may sometimes lead to choosing IPFW.

* On the other hand, PF/ALTQ may be used to do similar things, so
  some users will obviously prefer this set of tools for other
  reasons (for instance, because they like the ruleset style better).

* IP Filter is almost obsoleted by PF on FreeBSD, but it's still one
  of the most portable firewalls out there (I use it on Solaris all
  the time, for example).

There isn't a "best firewall for all cases". They all have their
respective strengths and/or weaknesses.

=== To the original poster ===

I say, try them all out and choose the one _YOU_ prefer, for the reasons
that are important in _YOUR_ setup.

- Giorgos