Future of pf / firewall in FreeBSD ? - does it have one ?

krad kraduk at gmail.com
Fri Aug 1 13:14:38 UTC 2014


That was never the problem; it was always tricky building stateful rulesets
with NAT. From what I remember it was due to the state table getting
parsed too early, i.e. before the natting rule, if your ruleset wasn't 100% pukka.
It caught out quite a few people I knew. It was over 12 years ago
though, so my memory is hazy on it, but as soon as I tried pf I found it
much easier, so didn't look back.


On 1 August 2014 14:03, Dan Busarow <dan at buildingonline.com> wrote:

>
> On 8/1/14, 1:39 AM, krad wrote:
>
>> I always found natting in ipfw rather awkward and harder than in pf.
>> Looking at the man page it doesn't seem to have changed. I should probably
>> give it another go though as it has been about 10 years now
>>
>
> Couldn't be much easier than the way it works now
>
> e.g.
>
> firewall_enable="YES"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="em0"
> natd_flags="-s -m -u"
>
> All of the builtin rulesets know about NAT
>
> My home network has two internal nets each with its own wifi AP and the
> above handles it.
>
> natd_interface is your outside facing interface.
>
> Dan
>
>>
>> On 31 July 2014 14:41, Gleb Smirnoff <glebius at freebsd.org> wrote:
>>
>>> On Thu, Jul 31, 2014 at 10:02:22PM +1000, Da Rock wrote:
>>> D> Without diminishing your efforts so far, what do you think about
>>> D> pitching all efforts into IPFW to combine effort and reduce overhead of
>>> D> maintaining separate firewalls in the core? Is there an advantage to
>>> D> having our own pf?
>>>
>>> Is there any disadvantage keeping it? It is a plugin. It is optional
>>> and loadable. I removed most additions to the network stack that live
>>> outside netpfil/pf.
>>>
>>> Some people like it and use it.
>>>
>>> It is also the only tool to configure ALTQ now.
>>>
>>> --
>>> Totus tuus, Glebius.
>>> _______________________________________________
>>> freebsd-questions at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to "
>>> freebsd-questions-unsubscribe at freebsd.org"
>>>
>>
>
