--On June 24, 2005 5:31:13 PM +0100 [EMAIL PROTECTED] wrote:
On Friday 24 June 2005 15:31, fbsd_user wrote:
Which firewall you select to use should be based on your level of
understanding of how information is moved across the internet.
Ipfilter is best suited for people who are just learning about
firewalling. PF is a little more automated and the rules are very
close to IPF's.
IPFW is for the advanced firewall users who have expert
understanding of the internet. All 3 firewalls support stateful
rules and are available in the 5.4 release. Best advice is start
with Ipfilter and when you find out that you have needs which are
not met by Ipfilter then move over to IPFW.
Is this right?
If it is, then I'm a lot smarter than I give myself credit for. The first
firewall I ever used was ipchains. Then I used iptables, but I never
learned much about either because Linux obscures the config (unless you're
doing something "fancy", you can run "setup" on the cli, click a few check
boxes and you're done).
When I decided to switch a server over to FBSD, I had to read the man page
to understand how pf worked, because there *was* no "setup" to run. I've
been using pf for a few years now, and I've never had problems
understanding the syntax or how it works (but I also never do NAT, so that
might be the reason it seems easy to me.)
I started off using IPFW, and found it no harder or easier
than ipfilter, which I am using now. Can't remember the reason I changed
to ipfilter, think it might have something to do with being easier to
use with ipnat, but I am pretty happy with it. Is there anything that
ipfw does better than ipfilter to make it preferable?
The only thing I would say about firewalls is, know what you're doing and
do it at the console. There's nothing like having to get dressed and drive
40 miles to fix a box because you screwed up the firewall config while
working remotely to impress upon you the need to work at the console. :-)
Personally, I like the "quick" keyword of the OpenBSD firewall, (but not
enough to bother installing it.)
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/