<html><head></head><body data-blackberry-caret-color="#008ee0" style="background-color: rgb(255, 255, 255); line-height: initial;"><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">If Jeremy has an existing configuration that is relatively stable, it might be fine to use the config files generated by pfsense as a reference for building a dragonfly config.</div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><span style="font-size: initial; line-height: initial; text-align: initial; font-family: Calibri, 'Slate Pro', sans-serif;"><br></span></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><span style="font-size: initial; line-height: initial; text-align: initial; font-family: Calibri, 'Slate Pro', sans-serif;">I have been wondering how difficult it would be to build pfsense with dragonfly instead of nanobsd/freebsd. I have been thinking about trying to port the nanobsd scripts to dragonfly, and see what breaks. However, since pfsense is already great, it isn't exactly a priority. </span></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><span style="font-size: initial; line-height: initial; text-align: initial; font-family: Calibri, 'Slate Pro', sans-serif;"><br></span></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><span style="font-size: initial; line-height: initial; text-align: initial; font-family: Calibri, 'Slate Pro', sans-serif;">HAMMER in semi-read-only nanobsd style could be a fascinating solution to versioning firewall config, for easy rollbacks. There is limited space on embedded devices, but the history can be retained on a mirrored system. Pfsense is already using the installer from dragonfly...</span></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><span style="font-size: initial; line-height: initial; text-align: initial; font-family: Calibri, 'Slate Pro', sans-serif;"><br></span></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><span style="font-size: initial; line-height: initial; text-align: initial; font-family: Calibri, 'Slate Pro', sans-serif;">But this can easily be seen as a solution looking for a problem. As a project for learning, it would still be useful because it involves a lot of different aspects of two systems. </span></div> <div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br></div> <div style="font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">Ben</div> <table id="_pHCWrapper" width="100%" style="background-color:white;border-spacing:0px;"> <tbody><tr><td colspan="2" style="font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> <div id="_persistentHeader" style="border-style: solid none none; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding: 3pt 0in 0in; font-family: Tahoma, 'BB Alpha Sans', 'Slate Pro'; font-size: 10pt;"> <div><b>From: </b>Zachary Crownover</div><div><b>Sent: </b>Monday, December 15, 2014 1:12 PM</div><div><b>To: </b>Jeremy</div><div><b>Cc: </b>users@dragonflybsd.org</div><div><b>Subject: </b>Re: Which Firewall?</div></div></td></tr></tbody></table><div style="border-style: solid none none; border-top-color: rgb(186, 188, 209); border-top-width: 1pt; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div><br><div id="_originalContent" style=""><div dir="ltr">For what it's worth, there is a lot of documentation on pf, arguably far more than there is ipfw due to it's levels of usage. With regard to pfsense, it gives you an easy to use webui where you don't really have to know all that much about writing rules or setting anything up, or how to install and configure the VPN aspects, and lets you use on old FreeBSD build with patching to that. DragonFly wouldn't provide you with the webui you're used to, but you would notice better performance.</div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 15, 2014 at 1:04 PM, Jeremy <span dir="ltr"><<a href="mailto:dyre17@gmail.com" target="_blank">dyre17@gmail.com</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">That's yet another in favor of ipfw. I think I will try that out. I may even try converting my pfsense box to dragonfly. I learn better when applying things to real life situations.<div><br></div><div>Thanks all.</div><div><br></div><div>(BTW, that openbsd pf faq link may be too current for the version of pf in dragonfly. Just a hunch)</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>-Jeremy</div></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 15, 2014 at 3:49 PM, Ed <span dir="ltr"><<a href="mailto:edwardmx@gmx.us" target="_blank">edwardmx@gmx.us</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>On Mon, 15 Dec 2014 10:21:01 -0500<br>
Jeremy <<a href="mailto:dyre17@gmail.com" target="_blank">dyre17@gmail.com</a>> wrote:<br>
<br>
> Hi all,<br>
><br>
> the Dragonfly handbook states pf is the recommended firewall, yet goes on<br>
> to say that the included pf is the older pf & that ipfw has features not<br>
> yet available in pf. Then it goes on to give very detailed instructions<br>
> for ipfw & points pf users to (seemingly) broken link as a manual.<br>
><br>
> I find this misleading & confusing, as it suggests that ipfw may be a more<br>
> sensible way to go, despite stating that pf is "recommended".<br>
><br>
> Could someone kindly rectify my understand here?<br>
><br>
> Thank you.<br>
><br>
> -Jeremy<br>
<br>
</div></div> I think this is the howto that goes to that missing link?<br>
<a href="http://www.openbsd.org/faq/pf/" target="_blank">http://www.openbsd.org/faq/pf/</a><br>
<br>
I would suggest to use ipfw because a good howto already exists on dragonfly<br>
website.<br>
<a href="http://www.dragonflybsd.org/docs/newhandbook/Security/#index15h3" target="_blank">http://www.dragonflybsd.org/docs/newhandbook/Security/#index15h3</a><br>
<span><font color="#888888"><br>
--<br>
Edward M <<a href="mailto:edwardmx@gmx.us" target="_blank">edwardmx@gmx.us</a>><br>
</font></span></blockquote></div></div>
</div></div></blockquote></div><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Sincerely,<br><br>Zachary Crownover<br></div></div>
</div>
<br><!--end of _originalContent --></div></body></html>