Date:      Fri, 27 Nov 2020 18:11:43 -0500
From:      grarpamp <grarpamp@gmail.com>
To:        freebsd-current@freebsd.org
Subject:   Re: firewall choice
Message-ID:  <CAD2Ti2_%2B5fy_fP1EVJwFpa484L7hJCcgA1zO6qgJhpUXOZ7WqQ@mail.gmail.com>
In-Reply-To: <X8ET90gWvqFMAdwy@rpi4.local>
References:  <X8C43AprLKhr3xxy@rpi4.local> <CAD2Ti28csaoinhD_4Cx2S9f89m%2B6mtq7YetitM7Z-RHpPonY4Q@mail.gmail.com> <X8ET90gWvqFMAdwy@rpi4.local>

>>> What's the "best" [1] choice for firewalling these days
>>> There's pf, ipf and ipfw.
>>
>>This question comes up over years.
>>
>>Consider starting and joining with people to create
>>a comparison page on the FreeBSD Wiki,
>>both a feature / capability comparison table,
>>and contextual paragraphs.
>>A mini project like that can help many users
>>and add their researches to it.
>
> I'd be happy to if I knew where to start/how to start/is there a guide.

Starting a wiki is here...
https://wiki.freebsd.org/
https://wiki.freebsd.org/AboutWiki

Which falls under larger handbook doc area...
https://lists.freebsd.org/mailman/listinfo/freebsd-doc

Much of comparison would pull from man pages.

Could also come from posting a call for input / announce
to questions, hackers, forum, etc.

Wiki should not duplicate admin info from here...
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
But would cover this handbook bullet item that is
not actually covered in the handbook (which
could link out to the wiki page for that)...
"- The differences between the firewalls built into FreeBSD."

A full comparison would also want to note and point to
upstream sources, and have a table of which filter systems
are supported going forward in each unix OS (the *BSD
flavors including DragonFly ipfw3 pf, Linux netfilter+nftables,
Illumos).

And cover layer2 capabilities, switching, bridging, ipv6,
nat, rate limits / shape / queue, proxy, arbitrary rewriting
and routing hooks, etc.

NetBSD where ipf was last released has deprecated
both ipf and pf in favor of npf. While upstream devel and
maintenance on ipf has died, pf still lives on at OpenBSD.

Anyone can start. Have fun.


