Re: Firewall



On 2007-Apr-28 07:08:18 -0500, Jack Barnett <jackbarnett@xxxxxxxxx> wrote:
> I plan on using NAT so both internal networks can get to the internets.
>
> In the FreeBSD documentation I see there are 3 firewalls, IPFIREWALL,
> IPFILTER and PF (BF?). I just need to do basic filtering and just a few
> port forwards. Nothing too fancy. Which one would be recommended?

Basically any of them will do what you want. The major differences are:
- IPFW (IPFIREWALL) is FreeBSD only. Note that the NAT is in userland.
- IPfilter is the most portable.
- PF runs on *BSD. Note that (AFAIK) all proxies (eg FTP) are in userland.

Userland NAT or proxies incur significantly higher overheads than
in-kernel equivalents (because the packets have to cross the
kernel/userland barrier twice). This may be an issue if you have a
very fast Internet connection and an underpowered firewall.

--
Peter Jeremy
