Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
Extended Discussion: The Role of Packet Filter and IPFW in Firewall Filtering
« previous
next »
Print
Pages: [
1
]
Author
Topic: Extended Discussion: The Role of Packet Filter and IPFW in Firewall Filtering (Read 204 times)
hsing
Jr. Member
Posts: 53
Karma: 0
Extended Discussion: The Role of Packet Filter and IPFW in Firewall Filtering
«
on:
August 27, 2024, 12:21:03 pm »
I would like to continue the discussion I had in this
forum thread
.
In that discussion, I learned that Packet Filter cannot filter Layer 2 packets, so I conducted further testing. I found that if the ARP table lacks corresponding IP and MAC entries, the firewall will block those packets. However, if the ARP table already has these records, the firewall filters the packets according to the rules.
It was also mentioned that using IPFW for Layer 2 filtering is easier to achieve, which I also tested. I modified /boot/loader.conf to ensure that Packet Filter loads after IPFW (although I initially intended to disable Packet Filter, it still started for some reason). In practice, filtering using IPFW was successful.
However, I’m curious why not use IPFW directly for all firewall rule filtering? Is there any information that explains why PF is considered more suitable for this task than IPFW?
These questions come from my limited experience, so if there are any mistakes, I welcome corrections. Thank you!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
Extended Discussion: The Role of Packet Filter and IPFW in Firewall Filtering