[XCSSA] Help I'm under attack!

xcssa@xcssa.org
Wed, 1 Nov 2006 22:05:55 -0600


On Wed, Nov 01, 2006 at 09:55:26PM -0600, xcssa-admin@xcssa.org wrote:
> xcssa-admin@xcssa.org wrote:
> >What about some of you?  What do you run for your gateway/router/firewall?
> >Homebrew/DIY?

Yes.

I have fooled around with many firewalls, and I have found pf to
be more capable than any of them.  For a while, I was hiring myself
out to write the rules for them.  It's free and comes on every BSD.

Anyone who claims that iptables is equally capable, of which there
are many, has failed to show me how to implement packet scrubbing
on it.  And that's just one feature.  Though iptables can (I believe)
change the destination address on outbound packets and change the
destination on inbound packets, which pf cannot do.

Plus, it's written by the OpenBSD team.  OpenBSD doesn't have anything
like SELinux, though FreeBSD does have some (poorly documented) MAC.

I don't run many daemons on my firewall though.  I like to keep
it simple, and run daemons on a DMZ, or a co-loc box.

I like what I hear about pfsense, a firewall distro based around
FreeBSD.
-- 
"Cryptography is nothing more than a mathematical framework for
discussing various paranoid delusions." -- Don Alvarez
<URL:http://www.subspacefield.org/~travis/> -><-