From owner-freebsd-questions@freebsd.org Thu Dec 8 19:47:14 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8C975C6D335 for ; Thu, 8 Dec 2016 19:47:14 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from inet08.hamilton.harte-lyne.ca (inet08.hamilton.harte-lyne.ca [216.185.71.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "inet08.hamilton.harte-lyne.ca", Issuer "CA HLL ISSUER 01" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 5E3921911 for ; Thu, 8 Dec 2016 19:47:14 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from localhost (localhost [127.0.0.1]) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTP id AE10C621FB; Thu, 8 Dec 2016 08:50:51 -0500 (EST) X-Virus-Scanned: amavisd-new at harte-lyne.ca Received: from inet08.hamilton.harte-lyne.ca ([127.0.0.1]) by localhost (inet08.hamilton.harte-lyne.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ybzp7ECqmigs; Thu, 8 Dec 2016 08:50:47 -0500 (EST) Received: from webmail.harte-lyne.ca (inet04.hamilton.harte-lyne.ca [216.185.71.24]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTPSA id 3C6B5621F8; Thu, 8 Dec 2016 08:50:46 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=harte-lyne.ca; s=dkim_hll; t=1481205046; bh=W0Csj/paB4sUzj6BLvLC0POfDWXG97jFtPblbUfH6Oc=; h=In-Reply-To:References:Date:Subject:From:To:Cc:Reply-To; b=mLGHkhI+o7t1naZf8B07Akw5LpbQJBQkVuer3HHrtaFf/QzzfVR4x36VutXpCgnOK 4Zctd3kImWO2VCdkFb6r4FDMbbWIlAN/QXh+P/GBcNSG4zVh26t1HqRqwMiT6ZSYGb 7b8aP7AyYP3ljg/5C29SKtQUX2LAfxkdr6Do+Msq6/BVxWPS7/orHvc7corArUqwRI bdJztbSjXVaja3ifvc7hxjy4bPIVyM/klGfb2q/qyyhjf8GDWhd6d6F+hWkXua4kMx 6RAiAL83gqMqz71V6ODzbWIuTt4l69dOGMruaV/DBrbnKR111kSaG009XUeB4Ob8D+ kMlYAl2A3L0Dw== Received: from 216.185.71.44 (SquirrelMail authenticated user byrnejb_hll) by webmail.harte-lyne.ca with HTTP; Thu, 8 Dec 2016 08:50:46 -0500 Message-ID: In-Reply-To: <20161207231046.504c2a61.freebsd@edvax.de> References: <5bed7716cd0c9f56e7fe73e86d0cde45.squirrel@webmail.harte-lyne.ca> <20161207231046.504c2a61.freebsd@edvax.de> Date: Thu, 8 Dec 2016 08:50:46 -0500 Subject: Re: FreeBSD Firewalls From: "James B. Byrne" To: "Polytropon" Cc: freebsd-questions@freebsd.org Reply-To: byrnejb@harte-lyne.ca User-Agent: SquirrelMail/1.4.22-4.el6 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2016 19:47:14 -0000 On Wed, December 7, 2016 17:10, Polytropon wrote: > On Wed, 7 Dec 2016 14:55:34 -0700 (MST), Warren Block wrote: >> Either PF or IPFW, depending on who you ask. > > Or depending on _how_ you ask: For simple and "static" concepts, > IPFW is the typical suggestion, while more advanced and extended > firewalls setups lead to PF as a recommendation. But of course > it's not that one of the firewalls cannot be used for the other > "contradicting" purpose... :-) > Thanks. For the immediate case simple and static is probably the best description. Overall however we intend to replace Linux with FreeBSD on all our hosts; real and virtual. That includes our gateway routers, which are single purposed x86_64 1u units. Thus learning PF seems the most economical choice. No doubt I will have questions on PF. But for the moment the book seems straight-forward enough. Sincerely, -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3