Re: What is your favourite/best firewall on FreeBSD and why?

On Fri, 23 May 2014 22:57:33 -0700, Lucius Rizzo wrote:
 > * David Noel <david.i.noel@gmail.com> [2014-05-24 00:31]:
 > > On 5/23/14, David Noel <david.i.noel@gmail.com> wrote:
 > > > On 5/20/14, Lucius Rizzo <Lucius.Rizzo@the.ie> wrote:
 > > >> If you use any of the firewalls, and have interesting
 > > >> or even optimized rule sets, I would really like to see them :)
 > > >
 > > > I'll post them shortly.
 > > >
 > > 
 > > Let me know if I missed anything.
 > 
 > Thank you! This actually helps. I have a set of IPFilter rules that I
 > plunk on my FreeBSD servers running on cloud. I use IPFilter with
 > ssguard-ipfilter. (See Attached)
 > 
 > Seems like consesus is that pf is perhaps the best choice moving forward.  

There's no concensus except what you'd prefer it to be.  If you count 
messages you might have had to use ipfw, but I'm not surprised that pf 
is likely more comfortable conceptually to someone familiar with ipf.

To one happier with procedural programming down to assembler level to sh 
or Pascal rather than more object-oriented languages, ipfw is nice and 
bare-metal and doggedly procedural.  Others prefer the more symbolic 
approach, and pf has always felt that to me, but that's subjective.

We've seen good specifics on which suits whom, and in what scenarios.  
I liked Darren Pilgrim's non-sectarian approach, preferring ipfw on 
(his) servers and pf - on OpenBSD - on (his) routers.  And we got some 
interesting high-level takes from folks running enterprise-scale stuff 
down to what might best suit embedded gear.  It's been fun :)

However, I want the bikeshed slightly on the yellow side of burnt ochre.

cheers, Ian
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"