From owner-freebsd-questions@FreeBSD.ORG  Mon Feb 27 09:52:25 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 95F2316A420
	for <freebsd-questions@freebsd.org>;
	Mon, 27 Feb 2006 09:52:25 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from strange.daemonsecurity.com
	(59.Red-81-33-11.staticIP.rima-tde.net [81.33.11.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 21F6143D45
	for <freebsd-questions@freebsd.org>;
	Mon, 27 Feb 2006 09:52:23 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from [172.24.8.84] (generic.ATOSORIGIN.ES [212.170.156.200])
	by strange.daemonsecurity.com (Postfix) with ESMTP id 5DE0F2E041;
	Mon, 27 Feb 2006 10:52:27 +0100 (CET)
Message-ID: <4402CBCF.3080405@locolomo.org>
Date: Mon, 27 Feb 2006 10:52:15 +0100
From: Erik Norgaard <norgaard@locolomo.org>
User-Agent: Thunderbird 1.5 (X11/20060118)
MIME-Version: 1.0
To: Pol Hallen <freebsd@fuckaround.org>
References: <200602271030.20438.freebsd@fuckaround.org>
In-Reply-To: <200602271030.20438.freebsd@fuckaround.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: freebsd firewallS
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Feb 2006 09:52:25 -0000

Pol Hallen wrote:
> Hi all,
> 
> i'd like build a rules firewall 4 my machine on the internet and my lan.
> 
> I see: IPFW, PF, IPF.
> 
> I have a main server on the internet and several clients.
> 
> Which firewall package i should use?(study)
> 
> I known iptables (4 linux) and i wrote a rules for it, but i prefer use a 
> native freebsd firewall :-)
> 
> Anyone can i suggest me? Thanks very much :-)

ipfw is the native firewall. ipf is simple and historically precedes pf.
pf is ported from OpenBSD and leaves nothing behind in terms of security 
controls.

I don't know ipfw. If you expect a simple rule set, then ipf may be the 
easy solution. Otherwise I would go for pf. pf took some syntax from ipf 
so with some changes you can easily shift to pf later, if you don't use 
groups no changes should be needed.

Cheers, Erik
-- 
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID:  9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9