Earlier I had said that I'd chosen pf because it was the first one I had tried and it seemed to fill my need (which was to allow access to the world, or just to the local network, or just to localhost, or to nothing, as a function of user ID, depending on the conscious choice of that user). But many useful comments in this thread, and outside resources cited by those comments, have persuaded me to look sideways at pf, growl defensively, and back away slowly. So then I looked at ipfw.
From a user standpoint, what a huge difference! The rules have rule numbers! The rules are addressable! I don't need to rewrite a changed config file, after perhaps parsing for outdated rules and removing those lines. All I need to do is map user IDs to rule numbers (a trivial exercise) and issue one ipfw command (or maybe two), and I'm done.
For future flexibility, it would have been nice to have the maximum rule number be 2^31-1, not 2^16-1, but that's minor.
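As an added example (not the poster's code), here is a POSIX sh sketch of the scheme described above: each uid maps to a fixed pair of consecutive ipfw rule numbers, and changing a user's policy means deleting that pair and adding the new one. Assumptions: a base rule number of 10000, a constructed local network of 192.168.1.0/24, and IPFW defaulting to `echo ipfw` so the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the original post. Dry-run by default:
# set IPFW=ipfw (as root, on a FreeBSD-style host) to actually apply rules.
IPFW="${IPFW:-echo ipfw}"
LAN="${LAN:-192.168.1.0/24}"   # constructed sample local network
BASE=10000

# rule_base UID -> prints the first of the two rule numbers reserved for UID.
# Two slots per user; the range check keeps us under ipfw's 65535 maximum.
rule_base() {
    uid="$1"
    [ "$uid" -ge 0 ] && [ "$uid" -lt 27000 ] || return 1
    echo $((BASE + 2 * uid))
}

# set_policy UID {world|lan|localhost|none}
# Lower number carries the per-user allow, the next number the catch-all deny,
# so the allow is always evaluated first.
set_policy() {
    uid="$1"; mode="$2"
    n=$(rule_base "$uid") || { echo "uid $uid out of range" >&2; return 1; }
    m=$((n + 1))
    case "$mode" in
        world)     dst="any" ;;
        lan)       dst="$LAN" ;;
        localhost) dst="127.0.0.0/8" ;;
        none)      dst="" ;;            # no allow rule at all
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    # Rules are addressable by number: drop the old pair, install the new pair.
    $IPFW delete "$n" "$m" 2>/dev/null
    if [ -n "$dst" ]; then
        $IPFW add "$n" allow ip from any to "$dst" uid "$uid"
    fi
    $IPFW add "$m" deny ip from any to any uid "$uid"
}
```

The uid match only applies to traffic tied to a local socket, so this governs what the user's own processes may reach, not forwarded traffic.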