From: Dan Busarow
Organization: BuildingOnline.com
Date: Fri, 01 Aug 2014 07:03:19 -0600
To: freebsd-questions@freebsd.org
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?

On 8/1/14, 1:39 AM, krad wrote:
> I always found natting in ipfw rather awkward and harder than in pf.
> Looking at the man page it doesn't seem to have changed. I should probably
> give it another go though as it has been about 10 years now

Couldn't be much easier than the way it works now, e.g.

firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="em0"
natd_flags="-s -m -u"

All of the builtin rulesets know about NAT.

My home network has two internal nets, each with its own wifi AP, and the
above handles it. natd_interface is your outside-facing interface.

Dan

>
>
> On 31 July 2014 14:41, Gleb Smirnoff wrote:
>
>> On Thu, Jul 31, 2014 at 10:02:22PM +1000, Da Rock wrote:
>> D> Without diminishing your efforts so far, what do you think about
>> D> pitching all efforts into IPFW to combine effort and reduce overhead of
>> D> maintaining separate firewalls in the core? Is there an advantage to
>> D> having our own pf?
>>
>> Is there any disadvantage keeping it? It is a plugin. It is optional
>> and loadable. I removed most additions to the network stack that live
>> outside netpfil/pf.
>>
>> Some people like it and use it.
>>
>> It is also the only tool to configure ALTQ now.
>>
>> --
>> Totus tuus, Glebius.
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
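
An added check, not part of the original message or of FreeBSD's rc scripts, that reads an rc.conf-style file and reports on the ipfw/natd settings shown in the reply above. The function names rc_get, is_yes and audit_rc_conf are hypothetical, and the sample file is constructed from the values in the message.

```sh
#!/bin/sh
# Added example (not from the original post): audit rc.conf-style
# settings for the ipfw + natd setup shown in the message.

# rc_get FILE KEY: print the last value assigned to KEY, quotes stripped.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\).*\$/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# is_yes VALUE: rc.conf booleans are a case-insensitive YES.
is_yes() {
    case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# audit_rc_conf FILE: print one finding per line; status 1 if any finding.
audit_rc_conf() {
    f=$1 findings=0
    fw=$(rc_get "$f" firewall_enable); fwtype=$(rc_get "$f" firewall_type)
    nat=$(rc_get "$f" natd_enable);    nif=$(rc_get "$f" natd_interface)
    if is_yes "$nat" && ! is_yes "$fw"; then
        echo "FAIL natd_enable=YES without firewall_enable=YES: no ipfw rule diverts traffic to natd"
        findings=1
    fi
    if is_yes "$nat" && [ -z "$nif" ]; then
        echo "FAIL natd_interface is unset: natd has no outside interface"
        findings=1
    fi
    if is_yes "$fw"; then
        case "$fwtype" in
            [Oo][Pp][Ee][Nn])
                echo "WARN firewall_type=$fwtype passes all traffic: NAT works, nothing is filtered"
                findings=1 ;;
        esac
    fi
    return $findings
}

# Constructed sample: the settings from the message, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="em0"
natd_flags="-s -m -u"
EOF
audit_rc_conf "$sample" || true
rm -f "$sample"
```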