On 2014-07-21 09:57, bycn82 wrote: > There is no doubt that PF is a really good firewall, But we should noticed > that there is an ipfw which is originally from FreeBSD while PF is from > OpenBSD. > > If there is a requirement that PF can meet but ipfw cannot, then I think it > is better to improve the ipfw. But if you just like the PF style, then I > think choose OpenBSD is the better solution. Actually OpenBSD is another > really good operating system. > > Like myself, I like CentOS and ipfw, so no choice :) > >
The only thing I've really found lacking in IPFW is the NAT implementation. Specifically, when trying to do port-forwarding. All of the rules have to go in the single 'ipfw nat' rule, and it makes it cumbersome to manage. -- Allan Jude
signature.asc
Description: OpenPGP digital signature