what firewall to use ? outdated/misguided/whatever documentation ?

[Nacho Lariguet]

On 2/12/19, Justin Sherrill <justin at shiningsilence.com> wrote:
> On Tue, Feb 12, 2019 at 12:15 PM Freddie Cash <fjwcash at gmail.com> wrote:
>>
>> Don't know too much about the state of packet filters in DFly, but wasn't
>> there an IPFW3 re-write/upgrade done awhile back, such that DFly IPFW is
>> fairly different now from FreeBSD IPFW?
>
> It's poorly named; ipfw3 is a completely separate effort by Bill Yuan.
> ipfw is still there in DragonFly.  ipfw3 does not replace or modify
> it.

I suppose this is what kicked my confussion in -IPFW3 not replacing
modifying still-available IPFW[2]. Moreover; in /etc/defaults/rc.conf:

pf_enable="NO" # Set to YES to enable packet filter (pf)
pf_rules="/etc/pf.conf"	 # rules definition file for pf

obviously refers to PF, while:

ipfw3_enable="NO" # Set to YES to enable ipfw3(8) firewall
ipfw3_program="/sbin/ipfw3" # where the ipfw3 program lives
ipfw3_script="/etc/ipfw3.rules" # Script to run to set up the firewall rules
ipfw3_modules="ipfw3 ipfw3_basic" # IPFW3 modules to be loaded

obviously refers to IPFW3, while:

firewall_enable="NO" # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)

not-so obviously refers to IPFW[2]

furthermore: there no /etc/ipfw3.rules to get started

>> Basically, on OpenBSD, you use PF.  On DFly, you use IPFW.  On FreeBSD,
>> you can choose which style of packet filter you prefer (although I'd
>> recommend not using IPFilter).
>
> I'd suggest pf in DragonFly mostly because I've been using it on
> DragonFly for years.  Like most things, it depends on what you want to
> do.
>


-- 
nacho Lariguet
lariguet at gmail.com