On 2/12/19, Justin Sherrill <[email protected]> wrote: > On Tue, Feb 12, 2019 at 12:15 PM Freddie Cash <[email protected]> wrote: >> >> Don't know too much about the state of packet filters in DFly, but wasn't >> there an IPFW3 re-write/upgrade done awhile back, such that DFly IPFW is >> fairly different now from FreeBSD IPFW? > > It's poorly named; ipfw3 is a completely separate effort by Bill Yuan. > ipfw is still there in DragonFly. ipfw3 does not replace or modify > it.
I suppose this is what kicked my confussion in -IPFW3 not replacing modifying still-available IPFW[2]. Moreover; in /etc/defaults/rc.conf: pf_enable="NO" # Set to YES to enable packet filter (pf) pf_rules="/etc/pf.conf" # rules definition file for pf obviously refers to PF, while: ipfw3_enable="NO" # Set to YES to enable ipfw3(8) firewall ipfw3_program="/sbin/ipfw3" # where the ipfw3 program lives ipfw3_script="/etc/ipfw3.rules" # Script to run to set up the firewall rules ipfw3_modules="ipfw3 ipfw3_basic" # IPFW3 modules to be loaded obviously refers to IPFW3, while: firewall_enable="NO" # Set to YES to enable firewall functionality firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall) not-so obviously refers to IPFW[2] furthermore: there no /etc/ipfw3.rules to get started >> Basically, on OpenBSD, you use PF. On DFly, you use IPFW. On FreeBSD, >> you can choose which style of packet filter you prefer (although I'd >> recommend not using IPFilter). > > I'd suggest pf in DragonFly mostly because I've been using it on > DragonFly for years. Like most things, it depends on what you want to > do. > -- nacho Lariguet [email protected]
