Message-ID: <5380FD1A.9040803@freebsd.org>
Date: Sat, 24 May 2014 13:12:10 -0700
From: Alfred Perlstein
To: freebsd-stable@freebsd.org
Subject: Re: What is your favourite/best firewall on FreeBSD and why?
References: <20140520070926.GA92183@The.ie>
In-Reply-To: <20140520070926.GA92183@The.ie>

On 5/20/14 12:09 AM, Lucius Rizzo wrote:
> I have been looking into articles comparing firewalls that come with
> FreeBSD. There isn't much recent info on the net. I am currently using
> FreeBSD 10 with IPFilter.
>
> Firewalls are like MTA servers I find. Each person has their own
> proclivities. I happened to have started with IPFilter with Solaris and
> throughout Solaris years. Lately, on my Linux servers, I end up running
> ufw as lazy man's iptables cli frontend which is easy enough.
>
> Ultimately, outside configuration differences all firewalls essentially
> serve the same purpose but I wonder what is your favorite and why? If
> you were to run FreeBSD in production, which of the three would you
> choose? IPFilter, PF or IPFW?
>
> Also there is a lack of good interesting rule sets in the BSD realm. With
> Linux, there was even an iptables rule set to prevent Heartbleed. If you use any
> of the firewalls, and have interesting or even optimized rule sets, I
> would really like to see them :)
>
> Regards,
>

I prefer IPFW because generally my configs are relatively simple and the rules just read naturally to me as opposed to the other systems. It reads very easily and since I'm generally doing basic things it's nice not to have to think too hard about what I am trying to do.

-Alfred