i thought the nat in ipfw is as elegant as in iptables :) but it is good to know that because different opinion actually is a chance to improve. and why not share with us why the ipfw nat is cumbersome or how to be not cumbersome.
> -----Original Message----- > From: owner-freebsd-curr...@freebsd.org [mailto:owner-freebsd- > curr...@freebsd.org] On Behalf Of Allan Jude > Sent: 22 July, 2014 7:13 > To: freebsd-current@freebsd.org > Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ? > > On 2014-07-21 09:57, bycn82 wrote: > > There is no doubt that PF is a really good firewall, But we should > noticed that there is an ipfw which is originally from FreeBSD while PF > is from OpenBSD. > > > > If there is a requirement that PF can meet but ipfw cannot, then I > think it is better to improve the ipfw. But if you just like the PF > style, then I think choose OpenBSD is the better solution. Actually > OpenBSD is another really good operating system. > > > > Like myself, I like CentOS and ipfw, so no choice :) > > > > > > The only thing I've really found lacking in IPFW is the NAT > implementation. Specifically, when trying to do port-forwarding. All of > the rules have to go in the single 'ipfw nat' rule, and it makes it > cumbersome to manage. > > > -- > Allan Jude _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
