PF GUI for firewall pf log analysis?

Preferred by whom?

Seriously, there's a reason different firewalling solutions come with FreeBSD. It's up to you to make your own choice. You should pick IPFW because you like it best, not because it was initially implemented within FreeBSD ;)
 
Also this time the translator did not allow me to explain myself better.
I preferred IPFW because usually with the same configuration I like to give more space to the native tools of any type of software especially if, as in my case, it is simply blocking all the traffic entering my workstation and I do not need elaborate configurations.
I have never been a fan of "ports" in general, I only use them if I have special needs that the default software does not allow me to satisfy.
Sorry but my English is little more than enough.
 
I don't think this is a translation issue (which is kind of a good thing, right?)

Both pf and ipfilter are integrated with FreeBSD as well, so they are not "ports" (although they were "ported" at some time in the past to FreeBSD). It just means, you're free to decide which packet-filter to use for setting up your firewall. There's no officially "preferred" one, and people will have different preferences :)
 
IPFW is a reasonable tool to set up firewalling for a typical workstation.
pf is also reasonable tool to set up firewalling for a typical workstation.
FreeBSD pf was originally ported from OpenBSD, but is not a typical "port" in the /usr/ports sense. As other point out, it's been part of FreeBSD for quite a while now and is as much part of FreeBSD as is IPFW, a default install of FreeBSD gives you both.

The tools work differently (one is first match wins, the other last match wins), some people think IPFW is easier to use than pf, there are others that think pf is easier to use than IPFW. IPFW logs to syslog so you need to process that. pf logs to a pcap interface (as others have said); this is easy to tcpdump/wireshark on.

I've used both for your use case, both work fine, both are easy to configure.
Putting this /etc/rc.conf is enough to get IPFW working as a simple workstation firewall. /etc/defaults/rc.conf has more variables if you need to tweak.

firewall_enable="yes"
firewall_type="workstation"

my opinions.
 
some people think IPFW is easier to use than pf, there are others that think pf is easier to use than IPFW.
I find the syntax of pf.conf easier to understand. But yes, it's more a personal preference than anything else.
 
SirDice I should have put that in my post. I personally find the syntax of pf easier, especially on complex set ups, like a pfSense box (it's nice to be able to understand the rules as applied), but IPFW feels more like IpTables if one comes from Linux.
 
Back
Top