From owner-freebsd-questions@freebsd.org Fri Dec 9 06:26:08 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 89B74C6EBAA for ; Fri, 9 Dec 2016 06:26:08 +0000 (UTC) (envelope-from demelier.david@gmail.com) Received: from mail-ua0-x233.google.com (mail-ua0-x233.google.com [IPv6:2607:f8b0:400c:c08::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 390CD11E9 for ; Fri, 9 Dec 2016 06:26:08 +0000 (UTC) (envelope-from demelier.david@gmail.com) Received: by mail-ua0-x233.google.com with SMTP id 20so8736829uak.0 for ; Thu, 08 Dec 2016 22:26:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=8irxuRnY5+WURBAlmArAqZX+of8vdtWMloLXbbZbvDs=; b=kJqgLDQ6+jSm1RAJDyVr/NwETBKJ2lGKCHWpTwtYBe8sHYdUyb4VTo/iAiZWdVgdlf RA7FIcKNJjXBEzc/e/XidY4VgxXf+9AEPfXkQqk57o0vZcZbYYLgZRNQgzGhzNE5x7Ru 9fBhdKIWVNpUW9ANpiB+vM9k2HWthS9H6c9GFPAqdfg8N39kIFInfXi6riFZJ38exI8i N6/n93I58bWLRJQpHjSsqzMCL84tzkcuMK5RhGordt0qwdoHUEkIg1iYlkEtq0Aip5gE P5lhiorJHvTKsCIDq3j5fr10UXfs9PlFLtC8vqyYEU5k9qdncuKG0eeuXofiexZbYIo1 FWKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=8irxuRnY5+WURBAlmArAqZX+of8vdtWMloLXbbZbvDs=; b=lhvcLamQasm56hMJSznqbqlH7uVUznTlOK1ftDENUL7l9JuQnzkZ2a4Y7LjYlUoNYO /Du1OHv5i5b7o5Hf+Wio478XrhnyTp+gH5Uqgzv9QSGY3jNpVwLbVbf3OGlmZ2mYNwc6 0eJTJTDJx6CcgTvCXVkf4ZBz5xzwhjOmDQZDMx/ONgWwOlCnrXe3kYidWfwoMjAg69jz BNpqbqnpHwdsLsarhbqeq4Dj1niSwYaGoluFTdKfvu/1FsEozwdOTZfpTxjip9AQsoL9 eDhyiNSoHI+/DTM3IemQSXwJ8bJHKS9EoDCKpQBe8fpVDSS/wiZg+HwJzic5ARGNUcmy qOzQ== X-Gm-Message-State: AKaTC035LBHiWC8rb0vZm3TCJHGnYSMGO6gdPsRjbJRzTHxRzsBOjs28Z9BxzmVzX993hbduR9ZC64NgcNtl2Q== X-Received: by 10.176.82.48 with SMTP id i45mr48044952uaa.126.1481264767354; Thu, 08 Dec 2016 22:26:07 -0800 (PST) MIME-Version: 1.0 Received: by 10.103.47.83 with HTTP; Thu, 8 Dec 2016 22:26:06 -0800 (PST) Received: by 10.103.47.83 with HTTP; Thu, 8 Dec 2016 22:26:06 -0800 (PST) In-Reply-To: References: <5bed7716cd0c9f56e7fe73e86d0cde45.squirrel@webmail.harte-lyne.ca> From: David Demelier Date: Fri, 9 Dec 2016 07:26:06 +0100 Message-ID: Subject: Re: FreeBSD Firewalls To: Warren Block Cc: freebsd-questions@freebsd.org, byrnejb@harte-lyne.ca Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Dec 2016 06:26:08 -0000 Le 7 d=C3=A9c. 2016 10:55 PM, "Warren Block" a =C3=A9c= rit : On Wed, 7 Dec 2016, James B. Byrne via freebsd-questions wrote: Well, the setup and loading of Postgresql9.6 seems to have completed > successfully. Now, before this can go live I need to set up the > firewall. I am used to IPTables on CentOS but have no experience with > IPFilter or PF. > > First, which firewall, of the three I read are available (IPFW, > IPFilter and PF is the recommended choice? > Either PF or IPFW, depending on who you ask. Or, if you work for Juniper, IPF. I used IPFW for many years, now have used PF for many years. Which of them, if any, have FW for dummies like tools/guides? > Peter Hansteen has at least one famous book on PF. There are example IPFW firewalls in /etc/rc.firewall, too. IPFW, IPF, PF. Three firewalls in only one system. I hope one day there will be a consensus to keep only one.