Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 27 Nov 2020 12:22:56 +0100
From:      "Kristof Provost" <kp@FreeBSD.org>
To:        tech-lists <tech-lists@zyxst.net>
Cc:        freebsd-current@freebsd.org
Subject:   Re: firewall choice
Message-ID:  <5CEA59B9-7D14-42E6-B2B4-DFCF656F02A9@FreeBSD.org>
In-Reply-To: <X8C43AprLKhr3xxy@rpi4.local>
References:  <X8C43AprLKhr3xxy@rpi4.local>

next in thread | previous in thread | raw e-mail | index | archive | help
On 27 Nov 2020, at 9:29, tech-lists wrote:
> What's the "best" [1] choice for firewalling these days, in the list's 
> opinion?
>
> There's pf, ipf and ipfw. Which is the one being most recently 
> developed/updated?
> I'm used to using pf, have done for over a decade. But OpenBSD's pf 
> has diverged a lot more from when it first came across. There seems to 
> be a lot more options.
> Is FreeBSD's pf being actively developed still?
>
All three are actively maintained and grow new features from time to 
time.

> [1] up-to-date
See above. All three are actively maintained.

> low overhead, high throughput
I believe ipfw currently performs best. I can’t rank ipf and pf, 
because I’ve not seen benchmarks for ipf.

> IPv6-able,
All three.

> traffic shaping/queueing
Mostly ipfw, because dummynet. pf has ALTQ, but that has more 
limitations than dummynet.
I think ipf doesn’t do shaping, but I may be mistaken about that.

Best regards,
Kristof



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5CEA59B9-7D14-42E6-B2B4-DFCF656F02A9>