which firewall product?

Owen DeLong owen at delong.com
Tue Jul 30 22:56:35 UTC 2013

Aren't there appliance versions that are just iptables/linux under the hood?

For example, IPCop, IPFire, Smoothwall, Untangle, and Vyatta should fit the bill.


On Jul 30, 2013, at 13:00 , William Herrin <bill at herrin.us> wrote:

> Hi folks,
> I'm trying to identify a firewall appliance for one of my customers.
> The wrinkle is: it has to be able to inspect packets inside an IPIP
> tunnel and accept/reject based on IP address, TCP port number and
> standard things like that. On the packet carried *inside* the IPIP
> tunnel packet.
>> From what I can tell, the Cisco ASA can't do this.
> Linux iptables can (with the u32 match module) but the customer wants
> an appliance, not a server.
> What appliances do you know of that can do this? Is there a different
> Cisco box? A Juniper firewall? Anything else?
> Thanks in advance,
> Bill Herrin
> -- 
> William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> Falls Church, VA 22042-3004

More information about the NANOG mailing list