Home
The Toolkit for Online Communities
16714 Community Members, 0 members online, 2288 visitors today
Log In Register
OpenACS Home : Forums : OpenACS Q&A : basic firewall features on RH 8.0 : One Message

Forum OpenACS Q&A: Re: basic firewall features on RH 8.0

Collapse
Posted by Frank N. on
If people are looking into creating serious, stand-alone firewalling machines based on Free Software, then I would suggest people consider OpenBSD. The care and feeding of pf, the OpenBSD in-kernel packet ... transmogrifier(?), is much easier to understand and admin than ip-tables IMNSHO.

And I probably don't have to mention that the OpenBSD folks takes security very, very seriously.

For comparison:

Ip-tables tutorial: http://iptables-tutorial.frozentux.net/iptables-tutorial.html

Complete OpenBSD PF documentation: http://www.openbsd.org/faq/pf/index.html

I currently admin 5 OpenBSD based firewalls, and it would take serious kicks from external forces to drive me back to using Linux for this particular application. My main personal DMZ splitter has 33 non-empty lines in the pf.conf file, of which 11 are macro definitions for addresses, networks and interfaces, yet it is configured for default-deny, redirects, 2x NAT, antispoofing, packet priority queueing and renormalisation, statefull/modulating firewalling etc.