Re: Advice on which FreeBSD firewall package to choose.

Fri, 05 Jan 2007 07:52:43 -0800 

It seems is unanimous....PF it is....remember u have to compile the Kernel
to activate this, i´ve done it for the first time, yesterday and its very
simple....also checkout the ALTQ for QoS, good luck

2007/1/5, Matthew Seaman <[EMAIL PROTECTED]>:


Atom Powers wrote:
> On 1/4/07, Eric <[EMAIL PROTECTED]> wrote:
>> Brett Davidson wrote:
>> > Before I start, I'm familiar with IPTables from Linux but am wanting
to
>> > use FreeBSD as a firewalling router after seeing it in action on a
>> > heavily-loaded webserver. I like the efficiency of the TCP stack.
>> >
>> > Upon reading the handbook I found that I can have my choice of three
>> > firewalls; pf, iptables and ipfw.
>> >
> ...
>> >
>> > Against prudence, they wish to allow torrent connections to the
inside
>> > lan and ICQ connections to both the Inside LAN and the Wireless DMZ.
>> The
>> > torrent and ICQ connections will need to be bandwidth-managed so
>> that is
>> > a major consideration for the choice of which firewall to use. Is
there
>> > an equivalent to HTB on FreeBSD?
>> >
>> >
>> i believe pf is the most modern and cleanest/easiest syntax to use. it
>> is actively developed and lots of people use it. You can set up
priority
>> on bandwidth in pf as well, so it should meet all your requirements
>> nicely.
>
> pf will also do the bandwidth management you want. I've used ipfw,
> ipf, iptables, and pf; pf is by far the most powerful and easy to use.
>

I also heartily endorse the use of pf.  However be aware that if you
want to use the QoS and other bandwidth management features you will
need to compile yourself a custom kernel with the appropriate ALTQ
stuff turned on.  Unfortunately ALTQ is not currently available as a
loadable module.  Compiling a new kernel is not particularly difficult
though.

        Cheers,

        Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW





_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to