FreeBSD Firewalls

Matt Smith matt.xtaz at
Thu Dec 8 09:03:57 UTC 2016

On Dec 07 17:23, Warren Block wrote:
>For me, it was that PF was easier to configure, certainly for simple 
>things.  I'm told IPFW has improved since then, and NAT is now better.

I've always used IPFW, see no reason to change to something else. But 
yes NAT is now a lot better. It moved to in-kernel NAT and the syntax 
that I now use is like this:

ipfw nat 1 config if re0 same_ports
ipfw add nat 1 ip4 from not me to any out via re0
ipfw add nat 1 ip4 from any to me in via re0


More information about the freebsd-questions mailing list