Re: [fw-wiz] Free Firewalls? Thoughts...

From: Henning Brauer (hostmaster_at_bsws.de)
Date: 05/08/03

Next message: Volker Tanger: "[fw-wiz] Rationale for BSD (I)PF rule order?"

Previous message: Micha? Dobaczewski: "Re: [fw-wiz] Port forwarders - which one is best for HTTPS?"
In reply to: Sean Barraclough: "[fw-wiz] Free Firewalls? Thoughts..."
Next in thread: Smith Gary-GSMITH1: "RE: [fw-wiz] Free Firewalls? Thoughts..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Thu, 8 May 2003 14:25:23 +0200

On Thu, May 08, 2003 at 06:23:27PM +1200, Sean Barraclough wrote:
> Hi all,
>
> What are the thoughts on some of the "free" firewalls available. Such
> firewalls as Darren Reeds IPF, or the OpenBSD PF? and the Linux offerings?
>
> Performance?
> Security?
> Fancy tricks?
>
> Just interested as to the thoughts out in the community.

We're doing everything with OpenBSD's pf here at bsws. Performance is
superiour, filtering 15k pps on a duron 700 at 10% CPU kicks ass.
stateful of course.
for security, well, I think that speaks for itself.
and fancy tricks... yeah, there are a lot of. loading subrulesets into
pre-defined anchors, independently from the main ruleset (even the
anchor points can be conditional), tables for lightening fast lookups
of big anounts of IP addresses in a rule, and, of course, the queueing
we have incorporated kicks ass, assign packets to the different queues
directly on you filter rules. if you filter statefull, you also have
statefull bandwidth management, and the ability to give priority to
_connections_ instead of _packets_ really kicks ass.

of course, as a pf developer, there's some gain towards pf in my
view.

-- 
Henning Brauer, BS Web Services, http://bsws.de
hb@bsws.de - henning@openbsd.org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Volker Tanger: "[fw-wiz] Rationale for BSD (I)PF rule order?"

Previous message: Micha? Dobaczewski: "Re: [fw-wiz] Port forwarders - which one is best for HTTPS?"
In reply to: Sean Barraclough: "[fw-wiz] Free Firewalls? Thoughts..."
Next in thread: Smith Gary-GSMITH1: "RE: [fw-wiz] Free Firewalls? Thoughts..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Defense in Depth
... What is meant by "layers" of security, is this: the entry points that must be ... Physical Layer - Physical access to the resources. ... attacks and other attacks that go after the software itself. ... "layer" in one long chain (lots of firewalls). ...
(Security-Basics)
RE: Wireless Security for Home Users
... for most home users to create and/or manage 2 firewalls and a DMZ. ... As with most network security, ... investigate additional security features available from the WAP ...
(Security-Basics)
RE: [Full-Disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
... > 1) I don't trust MS products for security related tasks. ... firewalls running on NT? ... necessary steps to mitigate the risk and protect yourself. ... We still had six boxes hit. ...
(Full-Disclosure)
RE: IDS is dead, etc
... Most firewall logs are just as tough to decipher as IDSs. ... Automated security analytics is a tough animal I don't care what the system. ... firewalls and IDSs, not just IDSs. ... There is no solution to these problems, therefore IDS is dead and we ...
(Focus-IDS)
PenTest Checklist
... wanted to know what your favorite tools/methods are for testing methods ... F- Web App Testing - tests website as an application for security holes, ... all firewalls should be tested together and ... We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, ...
(Security-Basics)