
Firewalls are the one thing I don't really like on FreeBSD. It gives you 3 options but the handbook doesn't provide much guidance on the pros and cons of each.

I'd prefer it if there was one favored one that all the effort went into to make it really good, just like with everything else in FreeBSD. This is not Arch where you have to handpick each component :)




Of the 3 FreeBSD firewalls, ipfw is the native firewall, like iptables is for Linux.

The pf firewall is a fork of the OpenBSD firewall. It is the normal choice for someone already familiar with using OpenBSD firewalls. Otherwise, a new user should choose between ipfw and pf the one whose configuration seems easier to understand.

I happen to prefer ipfw, because writing a configuration file for ipfw is exactly like writing a program in a programming language (a language very much like BASIC), which examines the incoming or outgoing packets, by executing instructions sequentially. Others find the syntax used by pf more pleasant, but I find it more difficult to reason about which is the matching rule that will be selected by pf for execution for a certain packet.

The third firewall, ipfilter, is also provided mainly for the former users of it on other operating systems. I am not aware of any particular advantage for it.
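
As an added illustration (not part of the thread, and not ipfw or pf code), the toy evaluator below models the two matching orders compared above: ipfw applies the first matching rule, while pf applies the last matching rule unless an earlier matching rule is marked `quick`. The `Rule` class, the function names, the defaults and the sample ruleset are all constructed for this example.

```python
# Added illustration: a toy model of the two matching orders, not ipfw or pf code.
from dataclasses import dataclass

@dataclass
class Rule:
    action: str           # "pass" or "block" (ipfw itself says allow/deny)
    proto: str = "any"    # "tcp", "udp" or "any"
    port: int = 0         # destination port; 0 matches any port
    quick: bool = False   # pf only: a matching quick rule ends evaluation

    def matches(self, proto, port):
        return self.proto in ("any", proto) and self.port in (0, port)

# Assumed defaults: stock ipfw ends in a deny rule, pf passes unmatched traffic.
def first_match(rules, proto, port, default="block"):
    """ipfw-style: rules run in order and the first matching rule decides.
    Non-terminating ipfw actions (count, skipto) are left out of this model."""
    for rule in rules:
        if rule.matches(proto, port):
            return rule.action
    return default

def last_match(rules, proto, port, default="pass"):
    """pf-style: the last matching rule decides, unless a quick rule matches."""
    verdict = default
    for rule in rules:
        if rule.matches(proto, port):
            verdict = rule.action
            if rule.quick:
                break
    return verdict

def differing(rules, packets):
    """Return the packets whose verdict depends on the evaluation order."""
    return [p for p in packets
            if first_match(rules, *p) != last_match(rules, *p)]

# Constructed sample: a catch-all block followed by an SSH exception.
RULES = [Rule("block"), Rule("pass", "tcp", 22)]
PACKETS = [("tcp", 22), ("tcp", 80), ("udp", 53)]

if __name__ == "__main__":
    for proto, port in PACKETS:
        print(proto, port, "first-match:", first_match(RULES, proto, port),
              "last-match:", last_match(RULES, proto, port))
    print("order-dependent:", differing(RULES, PACKETS))
```

Running `differing` over a ruleset before porting it between the two firewalls shows which packets would change verdict if the rule order were copied unchanged.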


Exactly, I found out the same with some googling, but the handbook specifically mentions it will describe the differences and then neglects to do it :)

I was first considering pf because I used it on Mac before, but the problem is the FreeBSD version was forked quite a long time ago and has different features than the OpenBSD version as a result.

I went for ipfw mainly because it seems to see the most active development.

But really, I wish FreeBSD would just pick one as standard and keep the others around for compatibility reasons if needed. One of the reasons I like FreeBSD is that you don't have to make such choices. Things have well chosen defaults.

Contrast this with Arch which I mentioned, that even lets you decide which mechanism to use for network management (e.g. net manager, connman, systemd-networkd, netctl). It describes this choice really well in its excellent wiki, but when I tried Arch it meant I had to make this kind of decision for pretty much every part of the OS :) What I like for FreeBSD is that they keep things simple.

But where they do give a choice, I'd love it if they describe the pros and cons as well as Arch does: https://wiki.archlinux.org/title/Network_configuration#Netwo...

I think Arch and FreeBSD have a lot in common, they're both intended for users that don't expect to click through everything and just dump you on a command prompt where you can set up stuff the way you want, instead focusing on excellent documentation.

I use FreeBSD on my daily driver PC now as I thought Arch was too much work with all the choices, and on the other hand the one thing I did want to change (systemd) it didn't allow.


>I think Arch and FreeBSD have a lot in common,

Well yes sure, Arch was made with Crux in mind, and Crux is:

https://crux.nu/

>>CRUX is a lightweight Linux distribution for the x86-64 architecture targeted at experienced Linux users. The primary focus of this distribution is keep it simple, which is reflected in a straightforward tar.gz-based package system, BSD-style initscripts, and a relatively small collection of trimmed packages.

https://en.wikipedia.org/wiki/Arch_Linux#History

>>Inspired by CRUX, another minimalist distribution, Judd Vinet started the Arch Linux project in March 2002. The name was chosen because Vinet liked the word's meaning of "the principal," as in "arch-enemy"

BTW Crux is still a great distro, limited packages yes, but absolutely simple and rock solid.


Cool I had no idea about that. I like FreeBSD though but still, good to know.

When I use Linux now (usually for docker stuff on servers) I tend to use Alpine which has a similar focus on simplicity.


I like FreeBSD too... well, it's been my main system for years, >8 probably. But if it needs to be Linux then Alpine, Arch, Crux... or the RHELs, Debians... if I really have to use them.



