Which Firewall?

bycn82 bycn82 at gmail.com
Mon Dec 15 18:55:23 PST 2014


*you can find developers in the IRC chatting roomserver:  irc.efnet.org
<http://irc.efnet.org>*

*channel #dragonflybsd*

On Tue, Dec 16, 2014 at 10:42 AM, Jeremy <dyre17 at gmail.com> wrote:
>
> This last point makes a lot of sense.
>
> What I want to do is learn.
>
> I have two 'handycaps' right now, as far as I am concerned:  Networking &
> programming.
>
> I want to learn networking & network security. I want to understand how
> people attack systems so that I can mitigate these attacks as much as
> possible.
>
> When I read unix man pages, they seem to assume I understand everything
> they talk about. Sure I can follow examples, but I want to know why these
> examples work, and what they are doing.
>
> I simply wish to learn more.
>
> Not sure if that exactly applies, but it is my motive for asking.  If I am
> to learn about firewalling, where o I start?
>
> -Jeremy
>
>
>
>
>
> On Mon, Dec 15, 2014 at 9:22 PM, Justin Sherrill <
> justin at shiningsilence.com> wrote:
>>
>> A better question to ask may be "I want to do (this specific thing),
>> so what is the proper tool for it?"
>>
>> pf and ipfw both work, in that they can block or adjust network
>> traffic based on arbitrary rules.  You'll never get an answer on
>> what's "better".
>>
>> I used to use ipfw and moved to pf for my local NAT.  It was better
>> for me because it was a much simpler config.  I had a specific use
>> case in that scenario.  If you have a specific goal in mind, it is
>> easier to give feedback.
>>
>> On Mon, Dec 15, 2014 at 10:21 AM, Jeremy <dyre17 at gmail.com> wrote:
>> > Hi all,
>> >
>> > the Dragonfly handbook states pf is the recommended firewall, yet goes
>> on to
>> > say that the included pf is the older pf & that ipfw has features not
>> yet
>> > available in pf.  Then it goes on to give very detailed instructions for
>> > ipfw & points pf users to (seemingly) broken link as a manual.
>> >
>> > I find this misleading & confusing, as it suggests that ipfw may be a
>> more
>> > sensible way to go, despite stating that pf is "recommended".
>> >
>> > Could someone kindly rectify my understand here?
>> >
>> > Thank you.
>> >
>> > -Jeremy
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20141216/b631f306/attachment-0001.htm>


More information about the Users mailing list