Re: firewall choice

From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Fri, 27 Nov 2020 22:26:10 -0800
In message <CAD2Ti2_+5fy_fP1EVJwFpa484L7hJCcgA1zO6qgJhpUXOZ7WqQ_at_mail.gmail.com>, grarpamp writes:
> >>> What's the "best" [1] choice for firewalling these days
> >>> There's pf, ipf and ipfw.
> >>
> >>This question comes up over years.
> >>
> >>Consider starting and joining with people to create
> >>a comparison page on the FreeBSD Wiki,
> >>both a feature / capability comparison table,
> >>and contextual paragraphs.
> >>A mini project like that can help many users
> >>and add their researches to it.
> >
> > I'd be happy to if I knew where to start/how to start/is there a guide.
>
> Starting a wiki is here...
> https://wiki.freebsd.org/
> https://wiki.freebsd.org/AboutWiki
>
> Which falls under larger handbook doc area...
> https://lists.freebsd.org/mailman/listinfo/freebsd-doc
>
> Much of comparison would pull from man pages.
>
> Could also come from posting a call for input / announce
> to questions, hackers, forum, etc.
>
> Wiki should not duplicate admin info from here...
> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
> But would cover this handbook bullet item that is
> not actually covered in the handbook (which
> could link out to the wiki page for that)...
> "- The differences between the firewalls built into FreeBSD."
>
> A full comparison would also want to note and point to
> upstream sources, and have a table of which filter systems
> are supported going forward in each unix OS (the *BSD
> flavors including DragonFly ipfw3 pf, Linux netfilter+nftables,
> Illumos).

pf was originally written when Darren Reed took a job at Sun. He changed 
the license at the time. FreeBSD moved it (and other software to contrib),
as did NetBSD (in their own way). OpenBSD wrote pf in the space of a week 
in reaction to the license change.

>
> And cover layer2 capabilities, switching, bridging, ipv6,
> nat, rate limits / shape / queue, proxy, arbitrary rewriting
> and routing hooks, etc.
>
> NetBSD where ipf was last released has deprecated
> both ipf and pf in favor of npf. While upstream devel and
> maintenance on ipf has died, pf still lives on at OpenBSD.

It's hardly deprecated in NetBSD. Christos Zoulas and I have exchanged a 
fair bit of code.

Darren Reed released and maintained IPF through the Australian National 
University. NetBSD imported it, like we do here at FreeBSD, into their src 
tree.

>
> Anyone can start. Have fun.

My ipf work is documented at https://wiki.freebsd.org/IPFilter.

-- 
Cheers,
Cy Schubert <Cy.Schubert_at_cschubert.com>
FreeBSD UNIX:  <cy_at_FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy_at_nwtime.org>    Web:  https://nwtime.org

	The need of the many outweighs the greed of the few.
Received on Sat Nov 28 2020 - 05:26:17 UTC
