[MLUG] [ot] Looking for high performance open source firewall

Nicholas Accad nicholas at accad.org
Wed Dec 17 14:17:57 EST 2008


People, we already established that netfilter/iptables does not
satisfy the requirements, so anything that mentions iptables is not
even remotely useful.

The only one that will work on Linux that meets all the requirements is
CheckPoint, since to my knowledge this is the only alternative to
iptables on Linux systems.

The other option is obviously BSD/PF, you have several flavors, pick
one, I tend to go the FreeBSD way with a minimal install because I am
more comfortable with Free than with the other two (three?)

Since this is a LINUX mailing list, and since I am a list admin (:>),
I forbid you from discussing the merits/pitfalls of different BSD
systems, so there.

OK, I'm only half kidding about that last part.
-nick


On Wed, Dec 17, 2008 at 12:43 PM, Alexandre Teixeira
<alexandre.abreu at gmail.com> wrote:
> Try Netfilter (IPTables) with Ethernet bonding driver of Linux in order to
> increase your throughput. If you don't like big commands and scripting maybe
> you can use Firewall Builder or this: http://www.iptablesfirewall.com/ss.php
> (never tested yet).
>
> Cheers
>
> Alexandre
>
> 2008/12/17 David Filion <david at filiontech.com>
>>
>> Bang on!   Thanks Nick.
>>
>> David
>>
>> Nicholas Accad wrote:
>> > Telepathy
>> > duh!!
>> >
>> > Actually I think David was saying that he would prefer to have only
>> > one method, either GUI or command line, and if it's command line, he
>> > would prefer to do it himself instead of relying on configuration
>> > scripts (which I also find annoying)
>> >
>> > -nick
>> >
>> >
>> > On Wed, Dec 17, 2008 at 12:16 PM, The Anarcat <anarcat at anarcat.ath.cx>
>> > wrote:
>> >
>> >> On Wed, Dec 17, 2008 at 11:16:12AM -0500, David Filion wrote:
>> >>
>> >>> In this case, this is for purely a bridging firewall, nothing more. No
>> >>> web server in its future (sorry Jean-Francois :-). If I go with a "gui"
>> >>> firewall (aka m0n0wall or pfSense), I don't want to have to use a
>> >>> command line. If I go the command line route, I'll just do a setup
>> >>> from scratch.
>> >>>
>> >> Well, how do you expect to configure the machine outside of the
>> >> commandline or a GUI?
>> >>
>> >> Unless you mean a Cisco-like commandline:
>> >>
>> >> http://www.nmedia.net/nsh/
>> >>
>> >> --
>> >> Imagination is more important than knowledge
>> >>                        - Albert Einstein
>> >>
>> >>
>> >> _______________________________________________
>> >> mlug mailing list
>> >> mlug at listserv.mlug.ca
>> >>
>> >> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
>> >>
>> >>
>> >>
>>
>
>
>
> --
> Alexandre Teixeira
> http://www.linkedin.com/in/inode
>
