Date: Fri, 23 May 2014 23:22:05 -0500
Subject: Re: What is your favourite/best firewall on FreeBSD and why?
Reply-To: David.I.Noel@gmail.com
In-Reply-To: <20140520070926.GA92183@The.ie>
From: David Noel
To: Lucius Rizzo
Cc: freebsd-stable@freebsd.org
List-Id: Production branch of FreeBSD source code

On 5/20/14, Lucius Rizzo wrote:
> Ultimately, outside configuration differences all firewalls
> essentially serve the same purpose but I wonder what is your favorite and why? If
> you were to run FreeBSD in production, which of the three would you
> choose? IPFilter, PF or IPFW?

I use PF, though I've never tried IPFilter or IPFW. Years ago when I
was trying to decide between the three I remember finding a number of
good arguments in favor of using PF.

> Also there is a lack of good interesting rule sets in the BSD realm. With
> Linux, there was even an iptables rule set to prevent heartbleed. If you use
> any of the firewalls, and have interesting or even optimized rule sets, I
> would really like to see them :)

There are a handful of PF ruleset examples available online. I
gathered them, concatenated them, did some reading and made sure they
made sense for my use case, then applied them. They're on my other
machine though. I'll post them shortly.