Which are the best firewall software?
I think is Pf. :)

Note:
Also i have add the linux firewall.

i like ipf (http://coombs.anu.edu.au/~avalon/) its nice and simple.

s/are/is ;)

Anyway, I like pf.. one can easily turn an old system into a very efficient firewall with OpenBSD+pf.

I like PF too , because I think it is very easy than IPTABLES

iptables has a confusing syntax to me, and it's overly complicated. pf actually has a well defined language for declaring firewall rules that's pretty intuitive.

addendum:
pf's in-kernel NAT also sets it apart from ipfw with its less reliable userland NAT daemon

PF for it's syntax and simplicity over iptables.

None! ;) d/software/
In OpenBSD, packet filtering takes place in the kernel.

None! ;) d/software/
In OpenBSD, packet filtering takes place in the kernel.The kernel is software, as much as we wish it was wetware compatible. ;)

OpenBSD's pf is a OSI layer 2 firewall, unlike the "software firewalls" in the Windows world.. :cool:

OpenBSD's pf is a OSI layer 2 firewall...

FWIW, ipfw and iptables can both filter at layer 2 as well.

I still voted for pf. It is syntactically easier, IMO.

FWIW, ipfw and iptables can both filter at layer 2 as well.

I still voted for pf. It is syntactically easier, IMO.Apologies, I wasn't trying to imply otherwise. ;)

pf because it's the easiest way I've ever been able to configure such things.


The configuration file has a language of it's own that is nice and neat -- which I like. I especially love the good section in the manual that outlines the pf.conf syntax in Backus–Naur Form (BNF), well once I figured out how to read BNF anyway :\


Not to mention it runs on the two operating systems I use most, FreeBSD and OpenBSD :-)

I'm for pf all the way.

Its easy to read and understand, has build in nat, works perfectly on load balancing and I can route traffic to where I want them to go.

pf, because OpenBSD is the gold standard for open-source firewalls.:cool:

I like especially pf for some unique advanced features.

About iptables starting from ubuntu hardy has been implemented, in part, a system similar to pf to make the firewall more simple and powerful.

I would like that the pf firewall became the default standard for all platforms bsd.

Note:
I think the apple use ipfw.

iptables has a confusing syntax to me, and it's overly complicated. pf actually has a well defined language for declaring firewall rules that's pretty intuitive.

addendum:
pf's in-kernel NAT also sets it apart from ipfw with its less reliable userland NAT daemon

ipfw in FreeBSD 7+ includes in-kernel NAT. See the nat keyword in the man page. It's not as intuitive as pf's, but it's there.

Wow, this is a land slide lol

if somebody could realistically compare ipfw and pf (or even ipf) in terms of features and capabilities that would be helpful.

I, too, am an advocate for pf but I have to learn iptables for customer's firewall. At first the iptables syntax was confusing but I'm finding it similar to pf syntax. I think Openbsd/pf has the edge in opensource firewall due to CARP/pfsync allowing for redundancy. I'm currently checking this cool IDS called fwsnort that works well with iptables. Has anyone played with this and care to share your experiences. Thanks.

Another vote for pf. Power, features, ease.

ufw
ipfw
pf

ipfw, because I learned it before FreeBSD supported pf and never had any need to learn anything else, as ipfw meets all of my needs just fine. As an aside, I've never had problems with userland natd and a divert rule.

pf
Because I still haven't tested the others.