Advice on which FreeBSD firewall package to choose.

Agus agus.262 at gmail.com
Fri Jan 5 15:50:07 UTC 2007 

It seems is unanimous....PF it is....remember u have to compile the Kernel
to activate this, i´ve done it for the first time, yesterday and its very
simple....also checkout the ALTQ for QoS, good luck

2007/1/5, Matthew Seaman <m.seaman at infracaninophile.co.uk>:
>
> Atom Powers wrote:
> > On 1/4/07, Eric <heli at mikestammer.com> wrote:
> >> Brett Davidson wrote:
> >> > Before I start, I'm familiar with IPTables from Linux but am wanting
> to
> >> > use FreeBSD as a firewalling router after seeing it in action on a
> >> > heavily-loaded webserver. I like the efficiency of the TCP stack.
> >> >
> >> > Upon reading the handbook I found that I can have my choice of three
> >> > firewalls; pf, iptables and ipfw.
> >> >
> > ...
> >> >
> >> > Against prudence, they wish to allow torrent connections to the
> inside
> >> > lan and ICQ connections to both the Inside LAN and the Wireless DMZ.
> >> The
> >> > torrent and ICQ connections will need to be bandwidth-managed so
> >> that is
> >> > a major consideration for the choice of which firewall to use. Is
> there
> >> > an equivalent to HTB on FreeBSD?
> >> >
> >> >
> >> i believe pf is the most modern and cleanest/easiest syntax to use. it
> >> is actively developed and lots of people use it. You can set up
> priority
> >> on bandwidth in pf as well, so it should meet all your requirements
> >> nicely.
> >
> > pf will also do the bandwidth management you want. I've used ipfw,
> > ipf, iptables, and pf; pf is by far the most powerful and easy to use.
> >
>
> I also heartily endorse the use of pf.  However be aware that if you
> want to use the QoS and other bandwidth management features you will
> need to compile yourself a custom kernel with the appropriate ALTQ
> stuff turned on.  Unfortunately ALTQ is not currently available as a
> loadable module.  Compiling a new kernel is not particularly difficult
> though.
>
>         Cheers,
>
>         Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
>                                                       Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
>                                                       Kent, CT11 9PW
>
>
>
>

More information about the freebsd-questions mailing list