Firewalls - Ease of Use and Maintenance?

Joe Greco jgreco at ns.sol.net
Wed Nov 9 12:38:01 UTC 2011


> On 11/09/2011 03:22 PM, Richard Kulawiec wrote:
> > You will find it very difficult to beat pf on OpenBSD for efficiency,
> > features, flexibility, robustness, and security.  Maintenance is very
> > easy: edit a configuration file, reload, done.
>
> An important feature lacking for now as far as I know is content/web 
> filtering especially for corporates wishing to block inappropriate/time 
> wasting content like Facebook. Addition of this would place it on a par 
> with the best like Sonicwall and Fortinet.

I would probably disagree with Richard's statement; most organizations
are looking for something that's a little more of a product/appliance
and a little less of a one-off solution/generic UNIX box.

That having been said, if you AREN'T put off by "edit a configuration
file", then maybe you won't be put off by "install Squid, add squidGuard
(IIRC), and configure transparent proxying" and you're pretty much all
the way there.  Oh, and you get caching acceleration for free.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.



