Dave Watts wrote:
>>
>> What features do you need? Stateful I presume, so how big
>> should the state table be? Throughput in pps? SYN-proxy?
>> Payload inspection? Redundancy/fail-over? Clickety-click or CLI?
>> SSL-offloading? VPN-server? etc.
>
> Jochem's asking all the right questions, as usual, but if you're interested
> in seeing how firewalls work, and don't mind building your own, you might
> look at one of the many Linux firewall distributions available, like
> Smoothwall. These can be perfectly suitable for many uses, and are kind of
> fun to play with as well.

I was probably going to recommend that anyway; only when you are
firewalling a very fat pipe (Gbit or more) or you have specialty
requirements you might need something with specialty hardware.

The difference is that I would recommend building your own on
OpenBSD. OpenBSD is pretty much designed for running on the edge
of your network, and IMHO it is far ahead of other firewall
systems in terms of power and features. Stateful firewall
clustering, load balancing and failover, SYN-proxy, an IP-based
anti-spam solution of the ugliest kind (for the spammer)
integrated into the firewall right on top of what is arguably the
most secure Unix ever:
http://www.countersiege.com/doc/pfsync-carp/
http://www.openbsd.org/

The upside of OpenBSD: everything is in the manual.
The downside of OpenBSD: the developers are not afraid of strong
words to tell you so.

Jochem