Old 16th January 2009
jggimi
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977

Why use PF if you're not using OpenBSD as a router or bridge? Perhaps it's being used as a small server, or perhaps a workstation?
  • Filtering rules can be used to control access out, or access in.
  • Queue management rules can be used to shape outbound traffic.
  • State table management rules can be used to manage and control inbound requests for services.
  • Advanced UDP/TCP port redirection can be used for service management.
You're probably familiar with filtering rules if you've ever used "personal firewall" software. The flexibility (and perhaps complexity) of PF rules typically allows more control over filtering than other firewall software.

Let's look at the other three features.
First, having used a SOHO NAT router, you may be familiar with "port forwarding" to expose services on your local network. This is a subset of the capabilities of PF port redirection rules. In particular, redirection to loopback can provide great flexibility for virtual server control and management.

As for the last two features, I'm not aware of any SOHO router that can do traffic shaping (bandwidth control by application or network service) or inbound request rate control.
Keep your NAT router for the time being, and begin to learn how to use PF to your advantage. Eventually, you may sell your router and replace it with an OpenBSD platform. I did.

Last edited by jggimi; 16th January 2009 at 02:03 PM.
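The four features listed in the post, combined in one ruleset for a standalone host. This is an added example, not part of jggimi's post, and it uses current OpenBSD pf.conf syntax, which is newer than the 2009 post. The interface name, bandwidth figures, ports, limits and the `<abusers>` table name are assumptions chosen for illustration.

```conf
# Constructed example for a standalone OpenBSD host (not a router or bridge).
# Assumptions: em0 is the only external interface, the uplink is 10 Mbit/s,
# sshd listens on port 22, and a web daemon is bound to 127.0.0.1:8080.
ext_if = "em0"

# Sources that exceed the connection limits below are collected here.
table <abusers> persist

# Do not filter loopback traffic.
set skip on lo0

# Queue management: shape outbound traffic so that interactive SSH
# sessions keep a guaranteed share while bulk transfers take the rest.
queue outq on $ext_if bandwidth 10M max 10M
queue bulk parent outq bandwidth 7M default
queue interactive parent outq bandwidth 3M min 1M

# Filtering: default deny inbound, drop known abusers early,
# allow everything outbound (stateful by default).
block in log on $ext_if all
block in quick on $ext_if from <abusers>
pass out on $ext_if all
pass out on $ext_if proto tcp to port 22 set queue interactive

# State table management: limit how many connections, and how fast,
# a single source may open to sshd. Offenders are added to <abusers>
# and their existing states are flushed.
pass in on $ext_if proto tcp to port 22 \
    keep state (max-src-conn 10, max-src-conn-rate 5/60, \
                overload <abusers> flush global)

# Port redirection to loopback: the web daemon is never bound to the
# external address; PF hands it only the traffic this rule admits.
pass in on $ext_if proto tcp to port 80 rdr-to 127.0.0.1 port 8080
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -t abusers -T show` lists the addresses the overload rule has collected.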