+++
title = "choosing a firewall on freebsd"
date = "2014-01-06T16:15:58+00:00"
author = "Gibheer"
draft = false
+++

As I was setting up a firewall on my FreeBSD server, I had to choose one of the three firewalls available.

There is the FreeBSD-developed firewall ipfw, the older filter ipf, and the OpenBSD-developed pf. As for features, they all have their advantages and disadvantages. It is best to read the [firewall documentation](https://www.freebsd.org/doc/handbook/firewalls-apps.html) of FreeBSD.

In the end my decision was to use pf for one reason: it can check the syntax before it runs any command. This was very important for me, as I'm not able to get direct access to the server easily.

ipf and ipfw both get initialized by a series of shell commands. That means the firewall control program gets called once per command. If one command fails, the script may fail and the firewall ends up in a state undefined by the script. You may not even be able to get into the server by ssh anymore, and it then needs a reboot.

This is less of a problem with pf, as it does a syntax check on the configuration beforehand. It is not possible to throw pf into an undefined state because of a typo. So the only mistake left to make would be to forget ssh access or anything else.
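
The check-then-load behaviour described above, as an added example that is not part of the original post: a small sh function that parses a candidate ruleset with `pfctl -n` before loading it, and also looks for an ssh pass rule, which a syntax check cannot catch. The function name, the `PFCTL` override and the ssh heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate a pf ruleset before it replaces the running one.
# Usage: pf_safe_load /etc/pf.conf.new
# PFCTL is an overridable hook (assumption of this example) so the logic
# can be exercised on a machine without pf.
PFCTL="${PFCTL:-pfctl}"

# pf_safe_load CANDIDATE
# Returns 0 if the ruleset was loaded, 1 if the syntax check failed,
# 2 if no ssh pass rule was found, 3 if the file cannot be read.
pf_safe_load() {
    candidate="$1"
    if [ ! -r "$candidate" ]; then
        echo "cannot read $candidate" >&2
        return 3
    fi

    # -n parses the ruleset without loading it, so a typo never
    # reaches the running firewall.
    if ! $PFCTL -n -f "$candidate"; then
        echo "syntax check failed; running ruleset left untouched" >&2
        return 1
    fi

    # A ruleset can be syntactically valid and still lock you out.
    # Crude heuristic (assumption): require a "pass" line that names
    # port ssh or 22. Macros such as $tcp_services are not expanded.
    ssh_rule='^[[:space:]]*pass[[:space:]].*port.*[^[:alnum:]](ssh|22)([^[:alnum:]]|$)'
    if ! grep -Eq "$ssh_rule" "$candidate"; then
        echo "no pass rule for ssh found; refusing to load" >&2
        return 2
    fi

    # Both checks passed: load the ruleset.
    $PFCTL -f "$candidate"
}
```

Source this file as root and call `pf_safe_load` with the path of the new ruleset; on any non-zero return the running ruleset has not been changed.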

I found the syntax of pf a bit weird, but I got a working firewall up and running which seems to work pretty well. ipfw looks similar, so maybe I will try it next time.