I'm currently setting up a firewall that I absolutely need to use IPFW's pipe capabilities on. However, at some point in my ruleset, I'd like to be able to efficiently process large IP lists, which pf certainly excels at. An added bonus of PF would be full packet monitoring capability of logged packets via the pflog interface, as opposed to IPFW's syslog out.
I'm wondering if it's possible to run both IPFW and PF (FreeBSD 8.x) simultaneously, passing off traffic from one to the other. I feel like this would give me the benefit of both of these great firewalls. Like I said, my primary needs are IPFW's piping and large IP lists, where blocked packet capture/analysis is a bonus.
I understand there were some changes in 8.x, and was also wondering how they've affected the performance of both these firewalls, and if there's any general advice on avoiding one or the other?
Thanks in advance!