FreeBSD as a firewall

Randy Smith randys at amigo.net
Mon Apr 7 08:22:46 PDT 2003 

On Sun, 6 Apr 2003, ljacobs wrote:

> Date: Sun,  6 Apr 2003 14:08:44 -0400
> From: ljacobs <lj at mandala-designs.com>
> To: "freebsd-isp at freebsd.org" <freebsd-isp at freebsd.org>
> Subject: FreeBSD as a firewall
>
> Folks --
>
> If you are using IPFW or IPFilter or PF as a packet filer/firewall on
> your FreeBSD system I am interested in hearing about your configuration
> and satisfaction with your setup. How did you make your dwecision?

I like FreeBSD and didn't feel the need to use a different OS in this
case. I choose IPFW because the benchmarks I saw (I don't remember
where now) showed that it perfomed slightly better than IPF for the
forwarding I needed for the transparent prxoes. Those same benchamrks
showed IPF was a bit faster doing nat. PF didn't exist at the time.

I haven't used IPFW2 which is supposed to be much faster than IPFW.

> What type of hardware are you running this on?

It varies. Most of my firewalls are also proxies or doing other things. My
"worst" box is a pentium-200MHz job with 32 MB of RAM. My "best" box is a
dual PIII-500MHz with 1GB RAM.

> Do you have anything else running on that computer besides the firewall?

Generally, my firewalls are also transparent proxies. One of them is also
the gateway for my mail server cluster and is doing quite a bit. (It is
also an emergency node for the cluster and handles web mail duties.)

> Have you had any breakins in spite of this protection?

Not that I can tell.

> Would you consider OpenBSD as an alternative for a firewall because of
> its security and ease of using and managing PF?

I've heard that OpenBSD is a good solution but I have never tried it so I
can't comment further.

>
> Thanks for any comments.
>
>
> ________________________________________________________________
> Sent via the WebMessaging system at mandala-designs.com
>
>
>
>
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>

-- 
Randy Smith
Amigo.Net Systems Administrator
1-719-589-6100 x 4185
http://www.amigo.net/

More information about the freebsd-isp mailing list