On 05/01/2007 at 10:25:30+1300, Brett Davidson wrote
> Before I start, I'm familiar with IPTables from Linux but am wanting to
> use FreeBSD as a firewalling router after seeing it in action on a
> heavily-loaded webserver. I like the efficiency of the TCP stack.
> Upon reading the handbook I found that I can have my choice of three
> firewalls; pf, iptables and ipfw.
> What would be the most useful (and easiest) package to use given the
> following scenario:
> A FreeBSD router comprising four physical interfaces -
>       Eth0 is the outside 10Mbyte/s cable connection to the Internet.
>       Eth1 is a 100Mbit DMZ housing a webserver.
>       Eth2 is a 100Mb DMZ housing a 802.11g Wireless Access Router. 
>       (My normal preference is to isolate Wireless LANs from physical
> LANS).
>       Eth3 is the inside LAN. 
> Software-based VPN connections out from both the Inside LAN and Wireless
> DMZ are required. (Allowing VPN tunnels through the firewall; not
> tunnels terminated at the firewall).
> Against prudence, they wish to allow torrent connections to the inside
> lan and ICQ connections to both the Inside LAN and the Wireless DMZ. The
> torrent and ICQ connections will need to be bandwidth-managed so that is
> a major consideration for the choice of which firewall to use. Is there
> an equivalent to HTB on FreeBSD?
> I look forward to your answers...
I've been using ipfw and pf for this.

If you've some knowledge of Cisco ACLs you can use ipfw (it's first

pf has some very useful features. With pf it's last match first-use, and
it's easier to add some ACL with pf for a script (like ssh_bruteforce).


Albert SHIH
Observatoire de Paris Meudon
Local time:
Ven 5 jan 2007 09:08:19 CET
freebsd-questions@freebsd.org mailing list
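
Added example, not part of the original message or of any FreeBSD tool: a sketch of the kind of script the reply alludes to, which counts failed sshd logins per source address and builds `pfctl` table-add commands. The table name `bruteforce`, the threshold, the allowlist and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# pf.conf side (table name "bruteforce" is an assumption):
#   table <bruteforce> persist
#   block in quick from <bruteforce>
# "quick" makes the block final; without it pf applies the LAST matching
# rule, so a later "pass" would override the block.

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
Jan  5 09:01:02 gw sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan  5 09:01:04 gw sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Jan  5 09:01:07 gw sshd[812]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Jan  5 09:02:10 gw sshd[820]: Failed password for brett from 198.51.100.9 port 51514 ssh2
Jan  5 09:02:15 gw sshd[820]: Accepted password for brett from 198.51.100.9 port 51514 ssh2
Jan  5 09:03:01 gw sshd[831]: Failed password for root from 192.0.2.10 port 2201 ssh2
Jan  5 09:03:02 gw sshd[831]: Failed password for root from 192.0.2.10 port 2202 ssh2
Jan  5 09:03:03 gw sshd[831]: Failed password for root from 192.0.2.10 port 2203 ssh2
"""

def offenders(log_text, threshold=3, allow=()):
    """Return addresses with >= threshold failures, minus allowlisted networks."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # never hand unparsed log text to pfctl
        counts[addr] += 1
    nets = [ipaddress.ip_network(n) for n in allow]
    return sorted(str(a) for a, n in counts.items()
                  if n >= threshold and not any(a in net for net in nets))

def pfctl_commands(addrs, table="bruteforce"):
    """Build argv lists (no shell involved) that add each address to the table."""
    return [["pfctl", "-t", table, "-T", "add", a] for a in addrs]

if __name__ == "__main__":
    # Allowlist the management network so a typo cannot lock the admin out.
    for cmd in pfctl_commands(offenders(SAMPLE_LOG, allow=["192.0.2.0/24"])):
        print(" ".join(cmd))
```

The commands are returned as argument lists so they can be passed to `subprocess.run` without a shell; the script only prints them here.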