DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD General

FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 27th July 2015
Peter_APIIT Peter_APIIT is offline
Shell Scout
 
Join Date: Jun 2008
Posts: 118
Default FreeBSD Firewall

What is the firewall that FreeBSD is using?

I'm planned to switch from OpenBSD to FreeBSD firewall with minimal configuration such as

PPPOE
DHCP
DNS - unbound
Snort
Squid
MAC enforcement.
Operating system lock down
No web server or database server or any others.

Thanks.
Reply With Quote
  #2   (View Single Post)  
Old 27th July 2015
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,496
Default

That information can be easily found in the the FreeBSD handbook.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 27th July 2015
gpatrick gpatrick is offline
Package Pilot
 
Join Date: Nov 2009
Posts: 192
Default

FreeBSD has 3 firewalls available: IPFW, ipf, and pf.

pf is different from OpenBSD's pf and was rewritten for SMP support and uses the older syntax (pre-4.7 I believe).

ipf is maintained by one or two people I believe but if memory recalls there was talk of removing it since it was not maintained, until someone stepped up.

ipfw is the firewall that is FreeBSD developed.

There is some discussion with the state of pf in FreeBSD which can be followed here Future of pf firewall in FreeBSD
Reply With Quote
  #4   (View Single Post)  
Old 28th July 2015
Oko Oko is offline
Banned
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,087
Default

Quote:
Originally Posted by Peter_APIIT View Post
What is the firewall that FreeBSD is using?

I'm planned to switch from OpenBSD to FreeBSD firewall with minimal configuration such as

PPPOE
Don't use so I don't know

Quote:
Originally Posted by Peter_APIIT View Post
DHCP
It is the same. IIRC FreeBSD stole the dhclient form OpenBSD. Both are configured by editing
Code:
/etc/dhclient.conf
. By default the one shipped with FreeBSD is empty.

Quote:
Originally Posted by Peter_APIIT View Post
DNS - unbound
OpenBSD
Code:
/var/unbound/etc/unbound.conf
comes with sane defaults although the first thing I do enable DNSSEC validation. FreeBSD comes with empty
/var/unbound/conf.d


Quote:
Originally Posted by Peter_APIIT View Post
Snort
Have not used for a while.

Quote:
Originally Posted by Peter_APIIT View Post
Squid
Have not used for a while

Quote:
Originally Posted by Peter_APIIT View Post
MAC enforcement.
OpenBSD doesn't have MAC

Quote:
Originally Posted by Peter_APIIT View Post
Operating system lock down
No web server or database server or any others.

Thanks.
OpenBSD safer by default but FreeBSD could be locked pretty good.
Reply With Quote
  #5   (View Single Post)  
Old 28th July 2015
Oko Oko is offline
Banned
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,087
Default

Quote:
Originally Posted by gpatrick View Post
FreeBSD has 3 firewalls available: IPFW, ipf, and pf.

pf is different from OpenBSD's pf and was rewritten for SMP support and uses the older syntax (pre-4.7 I believe).
FreeBSD PF has not been rewritten. It has some quick dirty SMP hack and uses a peace of FreeBSD network stack which is non existent in OpenBSD. It is more or less 5 year old version of vanilla PF. On another hand OpenBSD has been practically rewritten and currently is being SMP optimized and tuned. There was enormous amount of work gone in SMP network and PF stack on OpenBSD.

Quote:
Originally Posted by gpatrick View Post
ipf is maintained by one or two people I believe but if memory recalls there was talk of removing it since it was not maintained, until someone stepped up.
This is first firewall originally developed for Solaris. Solaris is switching to PF. Juniper networks vetoed FreeBSD decision to remove ipf as it seems that JunoOS uses IPF.
I am sure SmallWall people (some old m0n0wall users) are happy too.

http://smallwall.org/

Quote:
Originally Posted by gpatrick View Post
ipfw is the firewall that is FreeBSD developed.

There is some discussion with the state of pf in FreeBSD which can be followed here Future of pf firewall in FreeBSD
IPFW is indigious firewall of FreeBSD which is also a granddaddy of UNIX IPtables. Its development stall to the point that Apple decided few years ago to switch to PF. However more recently Luigi Rizzo and his students from Università di Pisa have put lots of work into it. It is a different approach to the problem of firewall than PF and even though I don't use it I like the diversity.

It should be also mentioned that there is another separate active fork of IPFW developed by a DragonFly BSD guy which goes under the name IPFW2.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
FreeBSD port for "PF" firewall management? tetra_user FreeBSD Ports and Packages 24 13th February 2015 08:32 PM
FreeBSD FreeBSD-based firewall m0n0wall 1.33 brings IPv6 improvements J65nko News 1 17th March 2011 08:54 PM
FreeBSD 8.0 Installation as router, firewall & packet filter Freeco FreeBSD Installation and Upgrading 3 7th May 2010 10:17 AM
FreeBSD as firewall/router on VMware ESXi Bruco FreeBSD General 12 6th December 2008 08:37 PM
FreeBSD firewall resources J65nko FreeBSD Security 0 1st June 2008 02:29 AM


All times are GMT. The time now is 02:07 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick