Date: Fri, 27 Nov 2020 12:22:56 +0100 From: "Kristof Provost" <kp@FreeBSD.org> To: tech-lists <tech-lists@zyxst.net> Cc: freebsd-current@freebsd.org Subject: Re: firewall choice Message-ID: <5CEA59B9-7D14-42E6-B2B4-DFCF656F02A9@FreeBSD.org> In-Reply-To: <X8C43AprLKhr3xxy@rpi4.local> References: <X8C43AprLKhr3xxy@rpi4.local>
next in thread | previous in thread | raw e-mail | index | archive | help
On 27 Nov 2020, at 9:29, tech-lists wrote: > What's the "best" [1] choice for firewalling these days, in the list's > opinion? > > There's pf, ipf and ipfw. Which is the one being most recently > developed/updated? > I'm used to using pf, have done for over a decade. But OpenBSD's pf > has diverged a lot more from when it first came across. There seems to > be a lot more options. > Is FreeBSD's pf being actively developed still? > All three are actively maintained and grow new features from time to time. > [1] up-to-date See above. All three are actively maintained. > low overhead, high throughput I believe ipfw currently performs best. I can’t rank ipf and pf, because I’ve not seen benchmarks for ipf. > IPv6-able, All three. > traffic shaping/queueing Mostly ipfw, because dummynet. pf has ALTQ, but that has more limitations than dummynet. I think ipf doesn’t do shaping, but I may be mistaken about that. Best regards, Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5CEA59B9-7D14-42E6-B2B4-DFCF656F02A9>