From: Allan Jude
Date: Mon, 21 Jul 2014 19:12:57 -0400
To: freebsd-current@freebsd.org
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
Message-ID: <53CD9E79.2060201@freebsd.org>

On 2014-07-21 09:57, bycn82 wrote:
> There is no doubt that PF is a really good firewall, but we should notice that there is an ipfw which is originally from FreeBSD while PF is from OpenBSD.
>
> If there is a requirement that PF can meet but ipfw cannot, then I think it is better to improve the ipfw. But if you just like the PF style, then I think choosing OpenBSD is the better solution. Actually OpenBSD is another really good operating system.
>
> Like myself, I like CentOS and ipfw, so no choice :)
>

The only thing I've really found lacking in IPFW is the NAT implementation, specifically when trying to do port-forwarding. All of the rules have to go in the single 'ipfw nat' rule, and it makes it cumbersome to manage.

-- 
Allan Jude
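
The shape of configuration the message describes, as an added example that is not part of the original post: each forward is one more `redirect_port` option on a single `ipfw nat ... config` command, so this script keeps one forward per line in a list and assembles that command from it. NAT instance 1, interface em0, the list format and all addresses and ports are constructed sample values; the script only prints the command and does not run ipfw.

```shell
#!/bin/sh
# Added example: assemble the single 'ipfw nat' config command from a
# reviewable per-forward list. All values below are constructed samples.

# One forward per line: proto  internal_ip:port  public_port
# Blank lines and lines starting with '#' are ignored.
FORWARDS='
tcp 192.168.1.10:80 80
tcp 192.168.1.10:443 443
# ssh to an internal host on a non-standard public port
tcp 192.168.1.20:22 2222
udp 192.168.1.30:53 53
'

# build_nat_config NAT_ID IFACE
# Prints one "ipfw nat NAT_ID config if IFACE redirect_port ..." line.
# Returns non-zero on a malformed entry so a typo cannot silently
# produce a NAT config that is missing or mis-stating a forward.
build_nat_config() {
    nat_id=$1
    iface=$2
    cmd="ipfw nat $nat_id config if $iface"
    while read -r proto target pubport; do
        case "$proto" in
            ''|\#*) continue ;;
            tcp|udp) ;;
            *) echo "bad protocol: $proto" >&2; return 1 ;;
        esac
        case "$target" in
            *:*) ;;
            *) echo "target needs ip:port: $target" >&2; return 1 ;;
        esac
        case "$pubport" in
            ''|*[!0-9]*) echo "bad public port: $pubport" >&2; return 1 ;;
        esac
        cmd="$cmd redirect_port $proto $target $pubport"
    done <<EOF
$FORWARDS
EOF
    printf '%s\n' "$cmd"
}

# Print the command for review; apply it by hand or from a rules script.
build_nat_config 1 em0
```
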