open source freebsd security appliance project

Danial Thom danial_thom at
Mon Jan 23 09:24:26 PST 2006

The question of the day is: why are you porting
it to 6.0? Have you proven that it's better?

There are many commercial "appliances" that are
sticking with 4.x because it's more suitable for
that kind of application. The issue with an
open-source type of appliance is capacity; the
kind of people that really need such an appliance
AND have the talent in house to benefit from it
usually need more than ALTQ and IPFIREWALL can
deliver. You'll only diminish that by going to
6.0, while also introducing the one thing that
will keep anyone from using any product:
instability. After all, a slow stable appliance
is of some use to some people; while even a
really fast unstable appliance is of use to
no-one at all.


--- Vincent Chen <vctw at> wrote:

> Hi, all
> I have tried to build a security appliance
> based on FreeBSD 4.7 since 2001.
> Which contains:
> central syslog server (syslogd)
> ntp service (ntpd)
> dhcp server (dhcpd)
> dns (bind)
> IPSec (ipsec-tools)
> PPTP (mpd)
> firewall (ipfilter)
> traffic shape (ALTQ)
> IDS (snort)
> Utilization monitor (MRTG)
> Web console including
> 1. report system for firewall, ids, system
> 2. configuration interface for some sub-system
> (not actually working yet)
> Recently, I upgraded this appliance to FreeBSD
> 6.0. Now I got:
> * a new list of required packages
> * a custom kernel configuration file for 6.0
> * collection of my custom packages (mostly perl
> based)
> Old web pages for this appliance are available
> here:
> Some code is broken after the upgrade to 6.0. A
> document to put them all together
> is not completed yet. I plan to start an open
> source project based on current
> resources and the goal is to build a small and
> compact FreeBSD security
> appliance, most importantly cost effective. The
> first step is starting a closed
> test before releasing it to the public and discussing
> how to proceed. If you are a FreeBSD
> power user and interested, you are welcome to
> contact me and receive a copy of
> current work. Any suggestions are always
> welcome.
> Vincent Chen


More information about the freebsd-questions mailing list