From owner-freebsd-stable@FreeBSD.ORG  Sat May 24 20:12:15 2014
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 060E872C
 for <freebsd-stable@freebsd.org>; Sat, 24 May 2014 20:12:15 +0000 (UTC)
Received: from elvis.mu.org (elvis.mu.org [192.203.228.196])
 by mx1.freebsd.org (Postfix) with ESMTP id E7EDA29CF
 for <freebsd-stable@freebsd.org>; Sat, 24 May 2014 20:12:14 +0000 (UTC)
Received: from Alfreds-MacBook-Pro-9.local (c-76-21-10-192.hsd1.ca.comcast.net
 [76.21.10.192]) by elvis.mu.org (Postfix) with ESMTPSA id AF34C1A3CEE
 for <freebsd-stable@freebsd.org>; Sat, 24 May 2014 13:12:08 -0700 (PDT)
Message-ID: <5380FD1A.9040803@freebsd.org>
Date: Sat, 24 May 2014 13:12:10 -0700
From: Alfred Perlstein <alfred@freebsd.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: freebsd-stable@freebsd.org
Subject: Re: What is your favourite/best firewall on FreeBSD and why?
References: <20140520070926.GA92183@The.ie>
In-Reply-To: <20140520070926.GA92183@The.ie>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 24 May 2014 20:12:15 -0000

On 5/20/14 12:09 AM, Lucius Rizzo wrote:
> I have been looking into articles comparing firewalls that come with
> FreeBSD. There isn't much recent info on the net. I am currently using
> FreeBSD 10 with IPFilter.
>
> Firewalls are like MTA servers I find. Each person has their own
> proclivities. I happened to have started with IPFilter with Solaris and
> throughout Solaris years. Lately, on my Linux servers, I end up running
> ufw as lazy man's iptables cli frontend which is easy enough.
>
> Ultimately, outside configuration differences all firewalls are essentially
> serve the same purpose but I wonder what is your favorite and why? If
> you were to run FreeBSD in production, which of the three would you
> choose? IPFilter, PF or IPFW?
>
> Also there is a lack of good interesting rule sets in the BSD realm. With
> Linux, there was even a iptables rule set to prevent heartbleed. If you use any
> of the firewalls, and have interesting or even optimized rule sets, I
> would really like to see them :)
>
> Regards,
>
I prefer IPFW because generally my configs are relatively simple and the 
rules just read naturally to me as opposed to the other systems.

It reads very easily and since I'm generally doing basic things it's 
nice not to have to think too hard about what I am trying to do.

-Alfred