IPFW Does a book about IPFW exist ?

Hi there,

I would like to know if you guys have heard or read a book that is talking about IPFW ?
I know there is at least one about PF (Book of PF - a no-nonsense guide to the openbsd firewall), but I can't find anything IPFW related so I wonder if someone can enlighten me on this.
Thank you.
 
"FreeBSD 6 Unleashed" have a very limited overview of the IPFW with a few examples so i don't recommend that one.
The current handbook is much better especially if you read rc.firewall script you can get very good general idea of the firewall rules. In general the knowledge about TCP/IP networking is more important instead of learning a specific firewall.
The PF offer a better debugging especially the ability to show the dynamic NAT translations which is currently not implemented in libalias (in kernel NAT) for IPFW. So if you just start your firewall journey i would recommend to stay on PF.
 
Hi there,

I would like to know if you guys have heard or read a book that is talking about IPFW ?
I know there is at least one about PF (Book of PF - a no-nonsense guide to the openbsd firewall), but I can't find anything IPFW related so I wonder if someone can enlighten me on this.
Thank you.

To use IPFW effectively you need to be familiar with at least the main sections of ipfw(8) that apply to the sort of use you need.

Yes it's a large manual at 190kb and 3390 lines, but is the essential reference. There are some good points in the handbook but also some strangeness.

As VladiBG says, studying the several different types of firewall in /etc/rc.firewall is good education in practical use in different scenarios.

For a single machine I start with the 'workstation' type, while developing it further.
 
"FreeBSD 6 Unleashed" have a very limited overview of the IPFW with a few examples so i don't recommend that one.
Ha yes I somehow found it on the net, I know you said it is recommended but just to see how it looks I'll read the dedicated part, I am curious.

In general the knowledge about TCP/IP networking is more important instead of learning a specific firewall.
Nice advice, I 'll try to keep that in mind. Thanks.

The PF offer a better debugging especially the ability to show the dynamic NAT translations which is currently not implemented in libalias (in kernel NAT) for IPFW
Thank you for the useful information.

To use IPFW effectively you need to be familiar with at least the main sections of ipfw(8) that apply to the sort of use you need.

Yes it's a large manual at 190kb and 3390 lines, but is the essential reference
That's precisely why I ask about a book because the manpage is what I wanted to avoid, for a firewall I think it's not convenient but that's probably just me since it doesn't bother anyone but me.

As VladiBG says, studying the several different types of firewall in /etc/rc.firewall is good education in practical use in different scenarios.
Yep, I already start by this file, I try every profil then export the rules for each one to look how the rules differ, well that's a start.


Thank you both of you for the advices, I will try to dig into the manpage once I 'll be ready for it, it's probably going to be a real pain for a non IT guy ... but first TCP/IP.
 
gotnull, I'm with you on this; I'd love an IPFW book.

It took me months to figure out the IPFW configuration I'm running today. I remember printing out my rules several times and sitting out in the back yard, "running" them mentally in every scenario I could think of. IPFW felt somewhat more low-level and demanding of TCP/IP knowledge than other firewalls I'd used before.
 
Thank you robroy hopefully Micheal W Lucas (author of few BSD books) will read this thread and will think about it for his next book :)

In the past years I only played with Iptables (I am coming from the Linux world obviously), most of the time I used a wrapper (ufw) so the work was done for me, if I am lost I just have to search on the net for people having the same trouble and it is enough to get me out from a bad situation without to understand/know every details of the network.
With FreeBSD it's different, not the same public, not the same approach, not as popular as Linux, way less readings outside of this forum on the net and no wrapper, so it requires more digging and work, but the good news is I don't need to rush it because it's only for fun.

For anyone interested there is a short article on IPFW in the FreeBSD Journal may/june 2014.

BTW I am really glad, they decided to gave free access to all The FreeBSD Journal.
Obviously not everything is for me because it's largely IT oriented, but some parts are nice to read for those who want to know a bit more about FreeBSD, its capabilities and what you can do with it in real world.
 
Back
Top