From owner-freebsd-stable@FreeBSD.ORG  Fri May 23 07:58:50 2014
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 012509A0
 for <freebsd-stable@freebsd.org>; Fri, 23 May 2014 07:58:50 +0000 (UTC)
Received: from smtp-sofia.digsys.bg (smtp-sofia.digsys.bg [193.68.21.123])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "smtp-sofia.digsys.bg",
 Issuer "Digital Systems Operational CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 84A3E2E26
 for <freebsd-stable@freebsd.org>; Fri, 23 May 2014 07:58:49 +0000 (UTC)
Received: from dcave.digsys.bg (dcave.digsys.bg [193.68.6.1])
 (authenticated bits=0)
 by smtp-sofia.digsys.bg (8.14.6/8.14.6) with ESMTP id s4N7n83f012891
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO)
 for <freebsd-stable@freebsd.org>; Fri, 23 May 2014 10:49:09 +0300 (EEST)
 (envelope-from daniel@digsys.bg)
Message-ID: <537EFD74.4060007@digsys.bg>
Date: Fri, 23 May 2014 10:49:08 +0300
From: Daniel Kalchev <daniel@digsys.bg>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: freebsd-stable@freebsd.org
Subject: Re: What is your favourite/best firewall on FreeBSD and why?
References: <20140520070926.GA92183@The.ie>
In-Reply-To: <20140520070926.GA92183@The.ie>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 May 2014 07:58:50 -0000


On 20.05.14 10:09, Lucius Rizzo wrote:
> Ultimately, outside configuration differences all firewalls are essentially
> serve the same purpose but I wonder what is your favorite and why? If
> you were to run FreeBSD in production, which of the three would you
> choose? IPFilter, PF or IPFW?

Coming from BSD/OS, IPFW was my natural choice. Have been using it for 
many, many years.

But, as it turns our, for many years, it has an problem with table 
manipulation, that wasn't fixed, so for these applications I switched to PF.

I still prefer the IPFW style configuration and management though.

Daniel