# Help with thesis. Please vote for your firewall! [ poll closed ]



## graudeejs (May 6, 2011)

Hello!

 This year I'm writing bachelors thesis about OpenSource firewalls.

 I'd like to ask all of you, who use OpenSource firewalls to vote:
[ poll ended, link removed -Mod. ]

 You will need to enter your email address, and will receive confirmation email (possibly in spam). This is to prevent some spam, and one person voting multiple times (ok, it won't prevent that one, but at least it can reduce numbers)


 Email addresses will not be used to contact you. They will not be given away, and as soon as I finish collecting stats (in about month) I will delete them.


 Please vote only once.

 P.S.
 I will publish stats in about month on http://wiki.bsdroot.lv, and update this thread.


----------



## phoenix (May 6, 2011)

Clicking on the verification link in the e-mail gives me a page with just *some error * in the top corner.  Possibly due to a *+* in the e-mail address I used?


----------



## _martin (May 6, 2011)

done; good luck on thesis. 

btw. pf is the best


----------



## graudeejs (May 6, 2011)

phoenix said:
			
		

> Clicking on the verification link in the e-mail gives me a page with just *some error * in the top corner.  Possibly due to a *+* in the e-mail address I used?



Thanks for heads up.
I found and fixed problem.

replace + with %2B in your verification link


----------



## phoenix (May 6, 2011)

That did it.  Vote confirmed.


----------



## graudeejs (May 6, 2011)

I removed e-mail verification, because I got accused about all evil on Earth on debian forum


----------



## Carpetsmoker (May 7, 2011)

Just add a simple CAPTCHA question, like "Enter the number 42 here" or "Enter any 16 digit prime number".

As long as you're not running a big site (Big enough for bots to specifically target) you should be fine.


----------



## graudeejs (May 7, 2011)

The idea behind email address was that I could use it as PRIMARY KEY. Now I need to set cookie.... (that's the problem)


----------



## zennybsd (May 7, 2011)

*Voted and best of luck!*

Voted! 

Wish you best of luck. 

/zenny


----------



## danger@ (May 7, 2011)

you got my vote too, good luck


----------



## aragon (May 7, 2011)

Mine too.  Where else have you posted the poll?


----------



## graudeejs (May 8, 2011)

gentoo, debian, opensuse, daemonforums, centos, pc-bsd forums and few ich channels


----------



## graudeejs (May 8, 2011)

Here's some stats (1st column = votes, not %):

Which firewall do you preffer

```
44 | pf
 24 | netfilter/iptables
  5 | other netfilter/iptables based
  4 | other
  3 | ipfw
  1 | npf
  1 | ipfilter
```

Which Os do you preffer for firewalling?

```
32 | GNU/Linux (any distro)
 27 | FreeBSD
 17 | OpenBSD
  4 | NetBSD
  1 | OpenSolaris and forks
  1 | other
```

82 people voted so far...

I thought *ipfw* will get much more votes


----------



## Carpetsmoker (May 9, 2011)

I know very few people who use ipfw, most use pf.

And whoever prefers iptables either has no experience with any of the other firewalls, or has some form of brain disease which renders the patient to compulsively prefer a horrible user interface, a retarded design model, and missing documentation.


----------



## graudeejs (May 9, 2011)

Carpetsmoker said:
			
		

> I know very few people who use ipfw, most use pf.
> 
> And whoever prefers iptables either has no experience with any of the other firewalls, or has some form of brain disease which renders the patient to compulsively prefer a horrible user interface, a retarded design model, and missing documentation.



Yes, if if you look at prefered firewalling os stats, you can see, that they are close to netfilter stats.
This is mostly because Linux users don't know about alternatives.

Some don't even know name of their firewall.

I have to admint, that stats on OpenSolaris & firends aren't fair, because I didn't call for vote on any OpenSolaris & friends related place.... (will have to do that or remove OpenSolaris stats, or merge them with others)


----------



## zennybsd (May 9, 2011)

I do not agree with being a hardcore/fundamentalist in the open source and free software world. Therefore, I am not for denouncing anyone using firewalls/router software other than pf/ipfw etc. Let people make their own choices. IMHO, we ought to admire diversity for a colorful world, worth living. ;-)

In my experience, I tried to run a few years back pf in a vanilla OpenBSD 4.3. But could not. The pretentious "more equal than others" attitude among the developers made me to give up. 

Case 1: I tried to make pf work for months with several configurations with 3-interfaces, and also read the related articles and books (cover to cover), but the local machines could never access the Net.

Then I wiped out OpenBSD and installed CentOS 4 and installed shorewall. In less than an hour, the firewall started working with some tweaking to my needs with the same hardware.

I know pfSense is there, but I prefer not to deal with fancy GUI (and the redundant resource use) rather than a simple text-based config file.

Case II: I needed to create a OS-level virtualized box. Tried with jails in the beginning. And have to give up because resource configurations to each virtual machine was not possible with jails (hopefully coming in 9-CURRENT). So I had to wipe out and go for openvz-based virtualization which only supports iptables-based firewall (used fridu firewall made specifically for it) as openvz is GNU/Linux specific.

Therefore, from my experience, I can say not to offend the quality of pf/ipfw that it is not always choice that matters, but obligation to deploy a working firewall in no time that makes a person to go for iptables/-based firewalls.

---------
*** If any of my replies helped you, please contribute to either http://www.freebsdfoundation.org/donate/ or http://www.thehumanape.org/. Appreciate it! Thanks for your understanding! ***


----------



## graudeejs (May 11, 2011)

Poll is closed now, results are here:
https://wiki.bsdroot.lv/fwpoll


----------

