Hello, I see that examples shown in RTD of BSDploy use pf. What about IPFW? Can I use it?

Btw, PF crashes BSD kernel built with VIMAGE, which was one of the reasons that made PC-BSD switch to IPFW. Refer -> https://forums.pcbsd.org/showthread.php?tid=19683

We used ipfw before, but it's nat hangs since FreeBSD 10.0. It seems there is no firewall/nat combination that works flawlessly.

AFAIK, pf should be working with VIMAGE now if used only on the host, and not within VIMAGE jails.

if ipfw is really needed it would be a simple matter of omitting the pf setup during the configuration step and then applying the required ipfw setup via your own playbook/role.

if you're still interested in that i could take a look and perhaps add a section about that in the documentation.

@tomster yes that would help. Or, if it can, be kept agnostic.

I am evaluating BSDploy for a proposal, to replace infrastructure built on Ansible + CentOS + OpenVZ + iptables.
I am a recent FreeBSD user and have not worked with BSD firewalls.
And IPFW looked similar or easier compared to iptables.

I want to present a POC that FreeBSD + BSDploy can be used as a viable alternative.