what firewall to use ? outdated/misguided/whatever documentation ?

Freddie Cash fjwcash at gmail.com
Tue Feb 12 09:14:47 PST 2019


On Tue, Feb 12, 2019 at 8:53 AM Nacho Lariguet <lariguet at gmail.com> wrote:

> Thanks for your reply Sepherosa !
>
> "Well, I don't know how you read the ipfw2 logs ..."
>
> I'm really new here (meaning the nix community overall). I surfed the
> tree on GIT web and after some time located the source code for all
> the firewall options available to look for versions/activity and the
> like; ie: to grab some sense of the development pace. The
> versions/time/dates I quoted were mainly for the comments on top of
> the relevant files.
>
> I'm just trying to understand what to use and what not to use and the
> documentation while very helpful seemed a bit confusing on what
> direction are the firewall options eventually going. Thus I sought
> advice.
>
> I understand OpenBSD relies on PF (which was created from scratch) while
> FreeBSD moved from IPFW to IPF (which was also created from scratch) ...
> am I right ?
>

Nope.

OpenBSD had a version of IPFilter imported from Sun.  That was later
replaced with PF, which is now the only packet filter on OpenBSD.

FreeBSD started with IPFW.  Later, IPFilter was imported from Sun, but IPFW
remained for those who liked it or needed the Dummynet features.  Even
later, PF was imported from OpenBSD.  IPFilter stagnated in FreeBSD and was
on the verge of being removed, but someone stepped up, took maintainership,
cleaned it up, and it remains.  PF has diverged wildly from what's in
OpenBSD, to the point they really aren't compatible anymore.  There's been
a couple of attempts to sync it and bring in new features from OpenBSD, but
the lack of proper SMP in the OpenBSD networking stack makes it difficult
(the FreeBSD PF is SMP-aware).  IPFW remains, and has been under heavy
development the past couple of years with lots of new features added and
cleanups being done.

Don't know too much about the state of packet filters in DFly, but wasn't
there an IPFW3 re-write/upgrade done a while back, such that DFly IPFW is
fairly different now from FreeBSD IPFW?

Basically, on OpenBSD, you use PF.  On DFly, you use IPFW.  On FreeBSD, you
can choose which style of packet filter you prefer (although I'd recommend
not using IPFilter).
-- 
Freddie Cash
fjwcash at gmail.com