Re: [fw-wiz] Free Firewalls? Thoughts...

From: Henning Brauer (
Date: 05/08/03

  • Next message: Volker Tanger: "[fw-wiz] Rationale for BSD (I)PF rule order?"
    Date: Thu, 8 May 2003 14:25:23 +0200

    On Thu, May 08, 2003 at 06:23:27PM +1200, Sean Barraclough wrote:
    > Hi all,
    > What are the thoughts on some of the "free" firewalls available. Such
    > firewalls as Darren Reeds IPF, or the OpenBSD PF? and the Linux offerings?
    > Performance?
    > Security?
    > Fancy tricks?
    > Just interested as to the thoughts out in the community.

    We're doing everything with OpenBSD's pf here at bsws. Performance is
    superiour, filtering 15k pps on a duron 700 at 10% CPU kicks ass.
    stateful of course.
    for security, well, I think that speaks for itself.
    and fancy tricks... yeah, there are a lot of. loading subrulesets into
    pre-defined anchors, independently from the main ruleset (even the
    anchor points can be conditional), tables for lightening fast lookups
    of big anounts of IP addresses in a rule, and, of course, the queueing
    we have incorporated kicks ass, assign packets to the different queues
    directly on you filter rules. if you filter statefull, you also have
    statefull bandwidth management, and the ability to give priority to
    _connections_ instead of _packets_ really kicks ass.

    of course, as a pf developer, there's some gain towards pf in my

    Henning Brauer, BS Web Services, -
    Unix is very simple, but it takes a genius to understand the simplicity.
    (Dennis Ritchie)
    firewall-wizards mailing list

  • Next message: Volker Tanger: "[fw-wiz] Rationale for BSD (I)PF rule order?"