Re: NetBSD + npf for main Internet-facing firewall?

To: netbsd-users%netbsd.org@localhost
Subject: Re: NetBSD + npf for main Internet-facing firewall?
From: Paul Ripke <stix%stix.id.au@localhost>
Date: Fri, 26 Feb 2021 12:02:03 +1100

On Thu, Feb 25, 2021 at 05:03:24PM +0000, U'll Be King Of The Stars wrote:
> Hi all,
> 
> I'm considering running NetBSD on Supermicro A1SRi-2758F server for my
> Internet-facing firewall and main switch.  I love this server for home
> servers because it's so quiet, and has many other suitable attributes.
> 
> My plan is to run npf as the main firewall, and to use this machine as
> the primary switch.
> 
> The funny thing is that I've noticed that not many NetBSD users openly
> discuss using npf for this purpose.  This would seem a natural use case
> to me.  (I should remember to follow my own rules and never make
> assumptions.)
> 
> It seems like a natural thing for fellow users to do.  But are my
> assumptions a bit off?
> 
> Kind regards,
> 
> Andrew

I have used ipf, pf and now npf for my little home network for several
years. It's performed very well - the only two "gotchas" I tripped over
were:

 - tripped over now fixed port range bug (pr/54169).
 - spent a bit of time trying to get VoIP working, and discovered I
   needed "set ip4.reassembly 1" in my config.

Otherwise, it seems to do the job for me, both IPv6 and IPv4 with NAT.

-- 
Paul Ripke
"Great minds discuss ideas, average minds discuss events, small minds
 discuss people."
-- Disputed: Often attributed to Eleanor Roosevelt. 1948.

References:
- NetBSD + npf for main Internet-facing firewall?
  - From: U'll Be King Of The Stars

Prev by Date: Re: NetBSD + npf for main Internet-facing firewall?
Next by Date: Re: NetBSD + npf for main Internet-facing firewall?
Previous by Thread: Re: NetBSD + npf for main Internet-facing firewall?
Next by Thread: Re: NetBSD + npf for main Internet-facing firewall?
Indexes:

Home | Main Index | Thread Index | Old Index