Linked by Thom Holwerda on Wed 15th Sep 2010 14:27 UTC, submitted by Ed
NetBSD "The NetBSD Foundation is pleased to announce NPF, a new packet filter by Mindaugas Rasiukevicius. NPF is designed for high performance on multiprocessor machines, and for easy extensibility."
RE: GUI interface needed
by foldingstock on Fri 17th Sep 2010 18:10 UTC in reply to "GUI interface needed"

> It's been a few years since I've used OpenBSD and FreeBSD (and perhaps things have changed), but back when I used the BSDs I felt that there was a vital need for a GUI interface to configure these packet-filtering systems. There are a number of GUI front-ends for Linux's system (iptables), my favorite one being Guarddog because it makes it easy to target which ports you want to block. There are even simpler tools like Firestarter, but these don't give you so many tweaking options - nevertheless, it's adequate for 99% of desktop users.

If you need a GUI to configure a firewall, the *BSD operating systems really aren't for you.

Firestarter is a poor excuse for a firewall frontend and Guarddog is a complete joke that is lacking many features. These are fine on simple home machines, as that is their intended use, but no knowledgeable system admin would use them on a server. Any good Linux admin would use iptables, from the command line, because of the sheer control the command line allows when compared to a limiting GUI application.

Both FreeBSD and OpenBSD provide excellent documentation for configuring IPFW/PF, especially when compared to iptables on Linux. All that is required by the end user is a little reading and the ability to follow instructions. If you cannot do this, you have no reason to be administrating such a complex firewall to begin with.

> If you're building your own firewall from scratch, and you have programming skills, a GUI might not matter. But for dumb end-users like myself, spending hours or days trying to write firewall rules just isn't worth the hassle - especially since I'm not good at it and thus may unknowingly leave a big hole in my firewall.

Writing firewall rules in a configuration file is not the same as programming by any stretch of the imagination. Using your logic, it could be reasoned that no end user could ever configure a hard drive mount because "programming" /etc/fstab is just too difficult. Please.
