Need advice for a Linux firewall

gordon b slater gordslater at ieee.org
Thu Mar 11 16:22:38 UTC 2010


On Thu, 2010-03-11 at 11:00 -0500, Abdul Nazeer wrote:

> iptables, but if anyone has any other suggestion, I'd love to hear it.

PFsense (being FreeBSD-based, comes under your "other" category).
It uses the OpenBSD-based pf firewall, with a web-based GUI for almost
everything (except maybe console resets). Works for me in several
locations, some `heavy and high`.

One caveat for the current PFsense: traffic shaping in 1.2.3 release is
somewhat borked (1.2.2 works much better) and it doesn't work with more
than 2 interfaces, so 1 wan - 1 lan is OK.

Check out the user forums for specific scenario gotchas, if any.

There's a good (recent) book about it, covers the 1.2.3 release, very good
it is too, with lots of help for multi-WAN, VLAN, IPsec, etc.
Routes Gigabit nicely with "normal" (PCI-e or PCI-X) hardware. Check out
the hardware sizing guide for examples.
What I particularly like is the "alias" function; it makes working with
huge groups of IPs easy.
BGPd, etc. are all available as packages - you can, for example, use
minicom to get a CLI via the console port into a Cisco ADSL router or
local SCADA kit.

Been stable for me for a couple of years now, several instances.

Oh, did I mention failover? CARP.

Me like :)


Gord
--
rockin ze bedroom 
More information about the NANOG mailing list