[XCSSA] Help I'm under attack!
xcssa@xcssa.org
Thu, 2 Nov 2006 13:23:35 -0500
> Anyone who claims that iptables is equally capable, of which there
> are many, has failed to show me how to implement packet scrubbing
> on it. And that's just one feature.
Can do a limited set of scrubbing with ipbridge.
> Though iptables can (I believe)
> change the destination address on outbound packets and change the
> destination on inbound packets, which pf cannot do.
You mean like this? http://www.onlamp.com/lpt/a/3280
or http://www.openbsd.org/faq/pf/nat.html#works
or visible versions of http://cfm.gs.washington.edu/security/firewall/pf-bridge/
Various pf examples: https://www.solarflux.org/pf/
>
> Plus, it's written by the OpenBSD team. OpenBSD doesn't have anything
> like SELinux, though FreeBSD does have some (poorly documented) MAC.
>
> I don't run many daemons on my firewall though. I like to keep
> it simple, and run daemons on a DMZ, or a co-loc box.
>
> I like what I hear about pfsense, a firewall distro based around
> FreeBSD.
> --
> "Cryptography is nothing more than a mathematical framework for
> discussing various paranoid delusions." -- Don Alvarez
> <URL:http://www.subspacefield.org/~travis/> -><-