[MLUG] [ot] Looking for high performance open source firewall
hendrik at topoi.pooq.com
Thu Dec 18 05:12:01 EST 2008
On Wed, Dec 17, 2008 at 10:08:08AM -0500, Nick Sklav wrote:
> On Wed, 2008-12-17 at 09:14 -0500, David Filion wrote:
> > Hi,
> >
> > Hi everyone, I'm currently in search of a high performance open source
> > firewall. It must be a bridging firewall (NAT is not an option) and be
> > able to handle a 50+Mb SYN attack. Any suggestions? I know iptables
> > can handle the 50Mb, but I need something to deal with the invalid SYNs,
> > aka a SYN proxy. *BSD seems to have implemented it into a released
> > kernel but I could not find anything for Linux (no mention of SYN
> > cookies please :-).
> >
> > I've been playing with a Checkpoint firewall that does it, but I'd love
> > to replace it with an open source solution.
> >
> > Any pointers/links/suggestions?
> >
> > Thanks,
> >
> > David
>
>
> Try Shorewall -> www.shorewall.net
>
> I swear by it and in all honesty it is very versatile and I believe it
> handles all the options you have listed and it runs on all flavors of
> Linux.
>
I believe it uses iptables to do its low-level packet-filtering.
- hendrik