[PC-BSD Testing] thoughts on fwbuilder

Dru Lavigne drulavigne at sympatico.ca
Sun Jun 6 06:40:12 PDT 2010

are the thoughts of using fwbuilder (http://www.fwbuilder.org)
instead of the current GUI for 9.0? I suggest fwbuilder for the
following reasons:


- it's mature, well documented, and fairly intuitive for new firewall

- it means we don't have to create, debug and maintain our own utility
(the current GUI is quite buggy)

- it supports pf, ipfw, ipf, iptables, Cisco ACLs, etc. (so people who
like ipfw can use it on their PC-BSD system)

- it provides an interface similar to those seen in industry (e.g.
Checkpoint), allowing users to learn one tool regardless of operating
system or firewall

- the lead developer (Vadim) is responsive to change requests and likes
to see fwbuilder being used by BSD users

- the port maintainer (Cy Schubert) is good at keeping the port







Sounds like a great idea to me. It pretty much works great right now,
right? So what would stop us from just switching to it for 8.1 / 8.2?
It's just another slave port to add to the build, and sounds like the
benefits would be immediate :)


fwbuilder is stable. If you include the package in a future test build, I'll compile a ruleset that matches pf.conf and send it to you along with a screenshot so you know how the fwbuilder ruleset was created. It is then just a matter of referring to the compiled ruleset in /etc/rc.conf so it is loaded as the default. Users can create as many rulesets as they wish (using pf or ipfw) and load the desired ruleset on demand.  I can add firewall documentation to the User Handbook later this summer.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pcbsd.org/pipermail/testing/attachments/20100606/42641f0f/attachment.html>

More information about the Testing mailing list