ployground / bsdploy

BSDploy is a tool to provision, configure and maintain FreeBSD jails.
BSD 3-Clause "New" or "Revised" License

Does BSDploy support IPFW? #77

Open mzs114 opened 9 years ago

mzs114 commented 9 years ago

Hello, I see that examples shown in RTD of BSDploy use pf. What about IPFW? Can I use it?

Btw, PF crashes BSD kernel built with VIMAGE, which was one of the reasons that made PC-BSD switch to IPFW. Refer -> https://forums.pcbsd.org/showthread.php?tid=19683

fschulze commented 9 years ago

We used ipfw before, but its NAT hangs since FreeBSD 10.0. It seems there is no firewall/NAT combination that works flawlessly.

ndenev commented 9 years ago

AFAIK, pf should be working with VIMAGE now if used only on the host, and not within VIMAGE jails.

tomster commented 9 years ago

If ipfw is really needed, it would be a simple matter of omitting the pf setup during the configuration step and then applying the required ipfw setup via your own playbook/role.

If you're still interested in that, I could take a look and perhaps add a section about that in the documentation.

mzs114 commented 9 years ago

@tomster yes that would help. Or, if it can, be kept agnostic.

I am evaluating BSDploy for a proposal, to replace infrastructure built on Ansible + CentOS + OpenVZ + iptables. I am a recent FreeBSD user and have not worked with BSD firewalls. And IPFW looked similar or easier compared to iptables.

I want to present a POC that FreeBSD + BSDploy can be used as a viable alternative.