Re: Firewall
- From: Julian Elischer <julian@xxxxxxxxxxxx>
- Date: Sun, 29 Apr 2007 12:23:28 -0700
Peter Jeremy wrote:
On 2007-Apr-28 07:08:18 -0500, Jack Barnett <jackbarnett@xxxxxxxxx> wrote:I plan on using NAT so both internal networks can get to the internets.
In the FreeBSD documentation I see there are 3 firewalls, IPFIREWALL,
IPFILTER and PF (BF?). I just need to do basic filtering and just a few
port forwards. Nothing to fancy. Which one would be recommended?
Basically any of them will do what you want. The major differences are:
- IPFW (IPFIREWALL) is FreeBSD only. Note that the NAT is in userland.
though that is just fine for your average DSL link.. it is in kernel in 7.0
- IPfilter is the most portable.
- PF runs on *BSD. Note that (AFAIK) all proxies (eg FTP) are in userland.
Userland NAT or proxies incur significantly higher overheads than
in-kernel equivalents (because the packets have to cross the
kernel/userland barrier twice). This may be an issue if you have a
very fast Internet connection and an underpowered firewall.
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: Firewall
- From: Gary Corcoran
- Re: Firewall
- References:
- Firewall
- From: Jack Barnett
- Re: Firewall
- From: Peter Jeremy
- Firewall
- Prev by Date: Re: Firewall
- Next by Date: Re: Firewall
- Previous by thread: Re: Firewall
- Next by thread: Re: Firewall
- Index(es):
Relevant Pages
|
|
