Re: Looking into a new firewall
From: Berk S. Daemon (someone@somewhere.com)Date: 03/02/02
- Next message: P@je: "port 139"
- Previous message: Greg Hennessy: "Re: Allowing ESP and IPSec/TCP"
- In reply to: easytoker: "Re: Looking into a new firewall"
- Next in thread: easytoker: "Re: Looking into a new firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Berk S. Daemon" <someone@somewhere.com> Date: Sat, 02 Mar 2002 10:01:06 GMT
"easytoker" <blunt_killer@hotmail.com> wrote in message
news:da0g8.915$T62.497@sccrnsc02...
> openbsd went out of there way to make ipf a pain to get working. there
> kernel has to be completly reworked for the hooks to work. there pf
version
> that replaced the ipf has only been arround since 3.0..and thats like what
> 7mo now. i was a loyal openbsd fan until 3.0 and every sys. admin i know
has
> moved over to netbsd with the ipf. pf being out less than a year is beta
as
> far as i am concerned. ipf has been arround years and the code has
matured.
> who wants beta for a production firewall?
Wow, no offence but you're sure out of touch with IPF, even though you claim
to use it on NetBSD.
Check for yourself, www.ipfilter.net works on OpenBSD 3.0 - don't just take
my word for it, see for yourself!
Finally, Darren has setup the proper scripts to work with OpenBSD if you
want to use the latest and greatest (not OpenBSD audited that is).
An ISO is also available from him, with the sources. Kinda lame if you ask
me though but that's a different story all together.
The other thing is... If you had problems with IPF in OpenBSD from <= v2.9
then wow, you must be the first and only! OpenBSD has never shipped a
version of OpenBSD with a non-working IPF in it. Works right out of the box
so I still can't seehow you had any problems.
Your mention of the SysAdmins moving to NetBSD because they didn't know how
to hook in IPF in 3.0 doesn't sound to me like a competant
sysadmins!Especially when Darren Reed, the author of IPF that has finally
made proper scripts for OpenBSD 3.0! Hell, even if they don't know how to
either, there's always USENET, Mailing Lists, Mail List Archives and Google
or do they not have internet access?
PF is still new, so was IPF at one point. Not to mention, PF has already
surpased IPF in features now. Take this into consideration and think how
fast they did this, what it will be like when it's the same age IPF is now.
WOW is about the only word I can think of.
Take no offence to any of this, nothing personal nor nothing against NetBSD
this is just my opinion(s) below:
I've tried NetBSD, and just simply wasn't for me. NetBSD is very well
documented and coded, but the installer sucks (seriously). The installer
looks good for a newbie, but doesn't play nice. It's neat in a sense that
their goal is portability, to every known hardware platform known to man...
Including your toaster over, but for me personally, that's too wide spread
and not enough focus on the major/important platforms. x86, sparc, sparc64,
ppc, etc.
The good thing about the various BSD's (unlike Linux, where Linux is just
one kernel, with a multitude of over fragmented distro's - 189 last I
counted) is that it's about 'choice' and more 'freedom'!
One more thing I thing worth mentioning, is that Darren's main focus of
developing IPF was always on NetBSD & Solaris *primarily* not really OpenBSD
hence one of the reasons his newer versions never worked well with OpenBSD.
The OpenBSD crew were mostly the ones to have to correct things.
As is, I still use IPF but plan on migrating to PF pretty soon - many more
nicer features and gladly, it's a 'native' OpenBSD Packet Filter.
As for your reply below this about Cisco PIX I'd say if it's not absoloutly
needed, then PF or IPF instead of paying out the yin yang!
Regards.
- Next message: P@je: "port 139"
- Previous message: Greg Hennessy: "Re: Allowing ESP and IPSec/TCP"
- In reply to: easytoker: "Re: Looking into a new firewall"
- Next in thread: easytoker: "Re: Looking into a new firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
