Filtering (was Re: FreeBSD, quagga (BGP) and 2950 VLANs)
Kurt Jaeger
lists at complx.LF.net
Mon Sep 26 22:39:45 PDT 2005
Hello,
> I'm now starting to look at how to filter packets that I am forwarding,
> to ensure that none of the people I connect to can use me as their
> default route (unless I give them permission to do so). The FreeBSD
> docs mention three different packet filters - pf, ipfw and ipf.
We use ipfw on FreeBSD. It's simple and it works and it's the
native approach. pf is a relevant alternative, because it's
very actively developed by the OpenBSD community.
ipf: It's very portable to other platforms, but it looks a bit stale (?).
> Do any of these have specific benefits for a routing device that is
> forwarding 99.9% of its traffic to other hosts, or is it just a
> question of personal preference? The rules I intend to write are fairly
> simple, and I don't need any state-based stuff.
If you start anew, maybe pf is the way to go.
--
MfG/Best regards, Kurt Jaeger 15 years to go !
LF.net GmbH fon +49 711 90074-23 pi at LF.net
Ruppmannstr. 27 fax +49 711 90074-33
D-70565 Stuttgart mob +49 171 3101372
More information about the freebsd-isp
mailing list