On Fri, Feb 13, 2015 at 03:45:30PM -0600, Rafael Possamai wrote:
> What is the alternative then... Does he have the time to become a BSD guru and master ipfw and pf? Probably not feasible with all other job duties, unless he locks himself in his mom's basement for the next 5 years.

I know this will come as a shock, but there are now a plethora of how-to's and tutorials and books and FAQs and examples for pf. Getting from zero to a first-order working configuration, especially for someone already familiar with FreeBSD (as in this case) should not entail more than a couple of days of reading and tinkering. And it's most definitely not necessary to become a BSD guru in order to run:

	pfctl -f /etc/pf.conf

Obviously complex use cases will require more understanding, but that's a constant regardless of the platform. There's really no point-and-drool shortcut for actually understanding what your network's doing, why it's doing it, and how it's doing it in sufficient depth to figure out which parts of that are goodness and which are dubious -- worse.

To quote Ranum, "How can you call yourself a 'Chief Technology Officer' if you have no idea what your technology is doing?"

---rsk