If Jeremy has an existing configuration that is relatively stable, it might be fine to use the config files generated by pfsense as a reference for building a dragonfly config.

I have been wondering how difficult it would be to build pfsense with dragonfly instead of nanobsd/freebsd. I have been thinking about trying to port the nanobsd scripts to dragonfly, and see what breaks. However, since pfsense is already great, it isn't exactly a priority.

HAMMER in semi-read-only nanobsd style could be a fascinating solution to versioning firewall config, for easy rollbacks. There is limited space on embedded devices, but the history can be retained on a mirrored system. Pfsense is already using the installer from dragonfly...

But this can easily be seen as a solution looking for a problem. As a project for learning, it would still be useful because it involves a lot of different aspects of two systems. 

Ben
From: Zachary Crownover
Sent: Monday, December 15, 2014 1:12 PM
To: Jeremy
Subject: Re: Which Firewall?

For what it's worth, there is a lot of documentation on pf, arguably far more than there is for ipfw due to its levels of usage. With regard to pfsense, it gives you an easy to use webui where you don't really have to know all that much about writing rules or setting anything up, or how to install and configure the VPN aspects, and lets you use an old FreeBSD build with patching to that. DragonFly wouldn't provide you with the webui you're used to, but you would notice better performance.

On Mon, Dec 15, 2014 at 1:04 PM, Jeremy <[email protected]> wrote:
That's yet another in favor of ipfw.  I think I will try that out.  I may even try converting my pfsense box to dragonfly. I learn better when applying things to real life situations.

Thanks all.

(BTW, that openbsd pf faq link may be too current for the version of pf in dragonfly. Just a hunch)

-Jeremy

On Mon, Dec 15, 2014 at 3:49 PM, Ed <[email protected]> wrote:
On Mon, 15 Dec 2014 10:21:01 -0500
Jeremy <[email protected]> wrote:

> Hi all,
>
> the Dragonfly handbook states pf is the recommended firewall, yet goes on
> to say that the included pf is the older pf & that ipfw has features not
> yet available in pf.  Then it goes on to give very detailed instructions
> for ipfw & points pf users to (seemingly) broken link as a manual.
>
> I find this misleading & confusing, as it suggests that ipfw may be a more
> sensible way to go, despite stating that pf is "recommended".
>
> Could someone kindly rectify my understanding here?
>
> Thank you.
>
> -Jeremy

  I think  this is the howto that goes to that missing link?
  http://www.openbsd.org/faq/pf/

  I would suggest to use ipfw because a good howto already exists on dragonfly
  website.
  http://www.dragonflybsd.org/docs/newhandbook/Security/#index15h3

--
Edward M <[email protected]>


--
Sincerely,

Zachary Crownover
