[MLUG] [ot] Looking for high performance open source firewall
David Filion
david at filiontech.com
Wed Dec 17 12:07:35 EST 2008
David Filion wrote:
> Hi,
>
> Hi everyone, I'm currently in search of a high performance open source
> firewall. It must be a bridging firewall (nat is not an option) and be
> able to handle a 50+Mb syn attack. Any suggestions? I know iptables
> can handle the 50Mb, but I need something to deal with the invalid syns,
> aka a syn proxy. *BSD seems to have implemented it into a released
> kernel but I could not find anything for Linux (no mention of syn
> cookies please :-).
>
> I've been playing with a Checkpoint firewall that does it, but I'd love
> to replace it with an open source solution.
>
> Any pointers/links/suggestions?
>
> Thanks,
>
> David
"Rules with /synproxy/ will not work if pf(4) operates on a bridge(4)."
- pf.conf manpage

pf(4): <http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4&arch=i386&apropos=0&manpath=OpenBSD+Current>
bridge(4): <http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4&arch=i386&apropos=0&manpath=OpenBSD+Current>

doh!
David