DaemonForums  

Go Back   DaemonForums > Other Operating Systems > Other BSD and UNIX/UNIX-like

Other BSD and UNIX/UNIX-like Any other flavour of BSD or UNIX that does not have a section of its own.

View Poll Results: Which are the best firewall software?
Pf 36 83.72%
Ipfw 7 16.28%
IpTables 0 0%
Voters: 43. You may not vote on this poll

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 10th June 2008
aleunix aleunix is offline
Real Name: Alessandro
Spam Deminer
 
Join Date: May 2008
Location: Italy
Posts: 224
Thanked 3 Times in 3 Posts
Default Which are the best firewall software?

Which are the best firewall software?
I think is Pf.

Note:
Also i have add the linux firewall.
Reply With Quote
  #2   (View Single Post)  
Old 10th June 2008
ephemera's Avatar
ephemera ephemera is offline
Knuth's homeboy
 
Join Date: Apr 2008
Posts: 537
Thanked 49 Times in 43 Posts
Default

i like ipf (http://coombs.anu.edu.au/~avalon/) its nice and simple.
Reply With Quote
  #3   (View Single Post)  
Old 10th June 2008
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

s/are/is

Anyway, I like pf(4).. one can easily turn an old system into a very efficient firewall with OpenBSD+pf.
Reply With Quote
  #4   (View Single Post)  
Old 10th June 2008
mfaridi's Avatar
mfaridi mfaridi is offline
Spam Deminer
 
Join Date: May 2008
Location: Afghanistan
Posts: 282
Thanked 5 Times in 5 Posts
Default

I like PF too , because I think it is very easy than IPTABLES
Reply With Quote
  #5   (View Single Post)  
Old 10th June 2008
halber_mensch's Avatar
halber_mensch halber_mensch is offline
Real Name: halber mensch
Port Guard
 
Join Date: Jun 2008
Location: Sapulpa, OK
Posts: 14
Thanked 1 Time in 1 Post
Default

iptables has a confusing syntax to me, and it's overly complicated. pf actually has a well defined language for declaring firewall rules that's pretty intuitive.

addendum:
pf's in-kernel NAT also sets it apart from ipfw with its less reliable userland NAT daemon
__________________
perl -e "eval pack(q{H*}, join q{},qw{7072696e74207061636b28717b482a7d2c717b34393 23036333631366532303666366536633739323036313733373 33735366436353230373936663735323036353738373036353 63337343635363432303734363836393733323037343666323 03632363532303631323036633639373437343663363532303 66436663732363532303635366537343635373237343631363 93665363936653637326530617d293b})"

Last edited by halber_mensch; 10th June 2008 at 03:15 PM.
Reply With Quote
  #6   (View Single Post)  
Old 10th June 2008
stukov's Avatar
stukov stukov is offline
Real Name: Jean-Michel Philippon-Nadeau
Package Pilot
 
Join Date: May 2008
Location: Sherbrooke, Qc, Canada
Posts: 167
Thanked 6 Times in 6 Posts
Default

PF for it's syntax and simplicity over iptables.
__________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction."
Reply With Quote
  #7   (View Single Post)  
Old 10th June 2008
lvlamb's Avatar
lvlamb lvlamb is offline
Real Name: Louis V. Lambrecht
Spam Deminer
 
Join Date: May 2008
Location: .be
Posts: 221
Thanked 25 Times in 24 Posts
Default

None! d/software/
In OpenBSD, packet filtering takes place in the kernel.
__________________
da more I know I know I know nuttin'
Reply With Quote
  #8   (View Single Post)  
Old 10th June 2008
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

Quote:
Originally Posted by lvlamb View Post
None! d/software/
In OpenBSD, packet filtering takes place in the kernel.
The kernel is software, as much as we wish it was wetware compatible.

OpenBSD's pf is a OSI layer 2 firewall, unlike the "software firewalls" in the Windows world..
Reply With Quote
  #9   (View Single Post)  
Old 10th June 2008
anomie's Avatar
anomie anomie is offline
Local
 
Join Date: Apr 2008
Location: Texas
Posts: 446
Thanked 69 Times in 46 Posts
Default

Quote:
Originally Posted by BSDfan666
OpenBSD's pf is a OSI layer 2 firewall...
FWIW, ipfw and iptables can both filter at layer 2 as well.

I still voted for pf. It is syntactically easier, IMO.
__________________
Kill your t.v.
Reply With Quote
Old 10th June 2008
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

Quote:
Originally Posted by anomie View Post
FWIW, ipfw and iptables can both filter at layer 2 as well.

I still voted for pf. It is syntactically easier, IMO.
Apologies, I wasn't trying to imply otherwise.
Reply With Quote
Old 10th June 2008
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Thanked 112 Times in 104 Posts
Default

pf because it's the easiest way I've ever been able to configure such things.


The configuration file has a language of it's own that is nice and neat -- which I like. I especially love the good section in the manual that outlines the pf.conf syntax in Backus–Naur Form (BNF), well once I figured out how to read BNF anyway :\


Not to mention it runs on the two operating systems I use most, FreeBSD and OpenBSD :-)
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
Old 10th June 2008
hamba hamba is offline
Fdisk Soldier
 
Join Date: Apr 2008
Posts: 71
Thanked 5 Times in 4 Posts
Default

I'm for pf all the way.

Its easy to read and understand, has build in nat, works perfectly on load balancing and I can route traffic to where I want them to go.
Reply With Quote
Old 10th June 2008
marcolino's Avatar
marcolino marcolino is offline
Real Name: Mark
Custom Title Maker
 
Join Date: May 2008
Location: At the Mountains of Madness
Posts: 113
Thanked 0 Times in 0 Posts
Default

pf, because OpenBSD is the gold standard for open-source firewalls.
__________________
That's nothing a couple o' pints wouldn't fix.
Reply With Quote
Old 10th June 2008
aleunix aleunix is offline
Real Name: Alessandro
Spam Deminer
 
Join Date: May 2008
Location: Italy
Posts: 224
Thanked 3 Times in 3 Posts
Default

I like especially pf for some unique advanced features.

About iptables starting from ubuntu hardy has been implemented, in part, a system similar to pf to make the firewall more simple and powerful.

I would like that the pf firewall became the default standard for all platforms bsd.

Note:
I think the apple use ipfw.
Reply With Quote
Old 10th June 2008
phoenix's Avatar
phoenix phoenix is offline
Risen from the ashes
 
Join Date: May 2008
Posts: 699
Thanked 90 Times in 81 Posts
Default

Quote:
Originally Posted by halber_mensch View Post
iptables has a confusing syntax to me, and it's overly complicated. pf actually has a well defined language for declaring firewall rules that's pretty intuitive.

addendum:
pf's in-kernel NAT also sets it apart from ipfw with its less reliable userland NAT daemon
ipfw(8) in FreeBSD 7+ includes in-kernel NAT. See the nat keyword in the man page. It's not as intuitive as pf's, but it's there.
__________________
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
Reply With Quote
Old 10th June 2008
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Thanked 112 Times in 104 Posts
Default

Wow, this is a land slide lol
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
Old 11th June 2008
ephemera's Avatar
ephemera ephemera is offline
Knuth's homeboy
 
Join Date: Apr 2008
Posts: 537
Thanked 49 Times in 43 Posts
Default

if somebody could realistically compare ipfw and pf (or even ipf) in terms of features and capabilities that would be helpful.
Reply With Quote
Old 23rd June 2008
revzalot's Avatar
revzalot revzalot is offline
Shell Scout
 
Join Date: May 2008
Posts: 123
Thanked 1 Time in 1 Post
Default

I, too, am an advocate for pf but I have to learn iptables for customer's firewall. At first the iptables syntax was confusing but I'm finding it similar to pf syntax. I think Openbsd/pf has the edge in opensource firewall due to CARP/pfsync allowing for redundancy. I'm currently checking this cool IDS called fwsnort that works well with iptables. Has anyone played with this and care to share your experiences. Thanks.
Reply With Quote
Old 24th June 2008
mish's Avatar
mish mish is offline
Port Guard
 
Join Date: May 2008
Location: Makati City, Philippines
Posts: 25
Thanked 0 Times in 0 Posts
Default

Another vote for pf. Power, features, ease.
Reply With Quote
Old 18th October 2008
fbsduser fbsduser is offline
Shell Scout
 
Join Date: Aug 2008
Posts: 103
Thanked 4 Times in 4 Posts
Default

ufw
ipfw
pf
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Fax software drhowarddrfine General software and network 31 25th December 2008 06:18 AM
any wlanconfig-like software? niedzwiedz FreeBSD General 2 30th July 2008 11:56 PM
CD Burning Software ninjatux FreeBSD Ports and Packages 7 17th July 2008 08:37 AM
software install bm1 FreeBSD Ports and Packages 3 16th July 2008 12:46 AM
bbs software mjt FreeBSD Ports and Packages 3 8th May 2008 03:02 PM


All times are GMT. The time now is 07:05 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick