Login to OSNews
Username or Email
Introducing NPF, NetBSD's new packet filter
on Wed 15th Sep 2010 14:27 UTC, submitted by Ed
is pleased to
, a new packet filter by Mindaugas Rasiukevicius. NPF is designed for high performance on multiprocessor machines, and for easy extensibility."
Permalink for comment 441517
To read all comments associated with this story, please
RE: GUI interface needed
on Fri 17th Sep 2010 18:10 UTC in reply to "
GUI interface needed
It's been a few years since I've used OpenBSD and FreeBSD (and perhaps things have changed), but back when I used the BSDs I felt that there was a vital need for a GUI interface to configure these packet-filtering systems. There are a number of GUI front-ends for Linux's system (iptables), my favorite one being Guarddog because it makes it easy to target which ports you want to block. There are even simpler tools like Firestarter, but these don't give you so many tweaking options - nevertheless, it's adequate for 99% of desktop users.
If you need a GUI to configure a firewall, the *BSD operating systems really aren't for you.
Firestarter is a poor excuse for a firewall frontend and Guarddog is a complete joke that is lacking many features. These are fine on simple home machines, as that is their intended use, but no knowledgeable system admin would use them on a server. Any good Linux admin would use iptables, from the command line, because of the sheer control the command line allows when compared to a limiting GUI application.
Both FreeBSD and OpenBSD provide excellent documentation for configuring IPFW/PF, especially when compared to iptables on Linux. All that is required by the end user is a little reading and the ability to follow instructions. If you cannot do this, you have no reason to be administrating such a complex firewall to begin with.
If you're building your own firewall from scratch, and you have programming skills, a GUI might not matter. But for dumb end-users like myself, spending hours or days trying to write firewall rules just isn't worth the hassle - especially since I'm not good at it and thus may unknowingly leave a big hole in my firewall.
Writing firewall rules in a configuration file is not the same as programming by any stretch of the imagination. Using your logic, it could be reasoned that no end user could ever configure a hard drive mount because "programming" /etc/fstab is just too difficult. Please.
Sign Up For The OSNews Newsletter!
Friends & Fans
OSNews Privacy Statement
Notice to Bulk Emailers
© 1997-2014 OSNews Inc. All Rights Reserved. OSNews and the OSNews logo are trademarks of OSNews.
Source Code © 2007-2014,
, except where noted
Reader comments are owned by the poster. We are not responsible for them in any way.
All trademarks, icons, and logos shown or mentioned in this web site are the property of their respective owners.
OSNews.com uses icons from the
© 2008 John Resig
Reproduction of OSNews stories is permitted only with explicit authorization from OSNews. Reproductions must be properly credited.