[PC-BSD Testing] thoughts on fwbuilder
drulavigne at sympatico.ca
Sun Jun 6 06:40:12 PDT 2010
are the thoughts of using fwbuilder (http://www.fwbuilder.org)
instead of the current GUI for 9.0? I suggest fwbuilder for the
- it's mature, well documented, and fairly intuitive for new firewall
- it means we don't have to create, debug and maintain our own utility
(the current GUI is quite buggy)
- it supports pf, ipfw, ipf, iptables, Cisco ACLs, etc. (so people who
like ipfw can use it on their PC-BSD system)
- it provides an interface similar to those seen in industry (e.g.
Checkpoint), allowing users to learn one tool regardless of operating
system or firewall
- the lead developer (Vadim) is responsive to change requests and likes
to see fwbuilder being used by BSD users
- the port maintainer (Cy Schubert) is good at keeping the port
Sounds like a great idea to me. It pretty much works great right now,
right? So what would stop us from just switching to it for 8.1 / 8.2?
It's just another slave port to add to the build, and sounds like the
benefits would be immediate :)
fwbuilder is stable. If you include the package in a future test build, I'll compile a ruleset that matches pf.conf and send it to you along with a screenshot so you know how the fwbuilder ruleset was created. It is then just a matter of referring to the compiled ruleset in /etc/rc.conf so it is loaded as the default. Users can create as many rulesets as they wish (using pf or ipfw) and load the desired ruleset on demand. I can add firewall documentation to the User Handbook later this summer.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Testing