#FreeBSD #HotTake: Even though everyone with deeper #firewall juju than myself says #pf is better than #ipfw, so I guess it must be, I still like knowing my rules by numbers that don’t change. Plus I have tools written over many years around ipfw and would need to totally redesign them conceptually for pf. I don't have enough working years to do that.

#Sysadminnery

#FreeBSD #ipfw firewall kernel module now builds with -ftrivial-var-auto-init=zero on #HardenedBSD 16-CURRENT: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/7653c25fa562589b56328c4342a06134506a57fc
HBSD: Opt ipfw into -ftrivial-var-auto-init=zero (7653c25f) · Commits · HardenedBSD / HardenedBSD · GitLab

Signed-off-by: Shawn Webb MFC-to: 15-STABLE

#TIL: #ipfw’s “me” does not include the local network's broadcast address.

I know this because I’m building the bespoke packet filter for a new system (to characterize+quiet its real background noise) and had a long WTF session because I missed the last octet.

#Sysadminnery #FreeBSD #InfoSec

Do you want to know how to do firewalling and traffic shaping/bandwidth control on FreeBSD? Then follow the link below.

https://amitdhanani.in/2025/02/10/how-to-setup-firewall-and-traffic-shaping-with-ipfw-on-freebsd/

#Freebsd #ipfw #dummynet #trafficshaping #bandwidth #Firewall

How to Setup Firewall and Traffic shaping with ipfw on Freebsd?

To set up a firewall and traffic shaping on FreeBSD using ipfw and the dummynet module, please check the git repo below. I used traffic shaping for ssh using the ipfw firewall with the dummynet module.

Has anyone gotten sslh transparent mode working on #FreeBSD with #pf instead of #ipfw?

#freebsd users of various use cases, not wanting to start a firewall war, but I've noticed in the last years that #ipfw was not advertised much compared to #pf. Is there consensus or a pseudo-official recommendation for the future?

AFAIK ipfw is the only one to have in-kernel NAT (which at some point was the only way for me to make RTSP streams work) and previously had a performance advantage, but pf obviously makes rules nicer, being higher level...

After seeing more about that Apple scanning thing, and ye olde #LittleSnitch I couldn't help but wonder:

Hasn't someone somewhere come up with an alternative to Little Snitch in the libre/free open source software world? After all, #macOS uses #pf (from #OpenBSD) these days (though previously it was using #ipfw from #FreeBSD).

The answer is yes: #LuLu: https://objective-see.org/products/lulu.html

The associated #GitHub repo: https://github.com/objective-see/LuLu

It has a #Homebrew formula, no #MacPort, I may have to fix that.

While we're on the topic of #Firewalls:

If there’s anyone out there who needs a primer to #FreeBSD’s #IPFW, I wrote a little tutorial a while back.

“Protecting a single host with IPFW”

https://hsm.tunnel53.net/article/ipfw-single-host/

Enjoy 🤓

#HyperSuperMeta

I hate learning new firewall syntax.... #ipfw