what firewall to use ? outdated/misguided/whatever documentation ?

Nacho Lariguet lariguet at gmail.com
Tue Feb 12 09:47:27 PST 2019


crystal-clear; thanks Freddie !

On 2/12/19, Freddie Cash <fjwcash at gmail.com> wrote:
> On Tue, Feb 12, 2019 at 8:53 AM Nacho Lariguet <lariguet at gmail.com> wrote:
>
>> Thanks for your reply Sepherosa !
>>
>> "Well, I don't know how you read the ipfw2 logs ..."
>>
>> I'm really new here (meaning the nix community overall). I surfed the
>> tree on GIT web and after some time located the source code for all
>> the firewall options available to look for versions/activity and the
>> like; ie: to grab some sense of the development pace. The
>> versions/time/dates I quoted were mainly for the comments on top of
>> the relevant files.
>>
>> I'm just trying to understand what to use and what not to use and the
>> documentation while very helpful seemed a bit confusing on what
>> direction the firewall options are eventually going. Thus I sought
>> advice.
>>
>> I understand OpenBSD relies on PF (which was created from scratch) while
>> FreeBSD moved from IPFW to IPF (which was also created from scratch) ...
>> am I right ?
>>
>
> Nope.
>
> OpenBSD had a version of IPFilter imported from Sun.  That was later
> replaced with PF, which is now the only packet filter on OpenBSD.
>
> FreeBSD started with IPFW.  Later, IPFilter was imported from Sun, but IPFW
> remained for those who liked it or needed the Dummynet features.  Even
> later, PF was imported from OpenBSD.  IPFilter stagnated in FreeBSD and was
> on the verge of being removed, but someone stepped up, took maintainership,
> cleaned it up, and it remains.  PF has diverged wildly from what's in
> OpenBSD, to the point they really aren't compatible anymore.  There's been
> a couple of attempts to sync it and bring in new features from OpenBSD, but
> the lack of proper SMP in the OpenBSD networking stack makes it difficult
> (the FreeBSD PF is SMP-aware).  IPFW remains, and has been under heavy
> development the past couple of years with lots of new features added and
> cleanups being done.
>
> Don't know too much about the state of packet filters in DFly, but wasn't
> there an IPFW3 re-write/upgrade done a while back, such that DFly IPFW is
> fairly different now from FreeBSD IPFW?
>
> Basically, on OpenBSD, you use PF.  On DFly, you use IPFW.  On FreeBSD, you
> can choose which style of packet filter you prefer (although I'd recommend
> not using IPFilter).
> --
> Freddie Cash
> fjwcash at gmail.com
>


-- 
nacho Lariguet
lariguet at gmail.com

