At 21:08 25/04/01 -0400, Paul D. Robertson wrote:
>On Thu, 26 Apr 2001, Ben Nagy wrote:
>
> > > IPFilter's had its share of problems too.[...]
> > > FWIW, I prefer NetBSD for IPfilter boxen.
> >
> > I don't recall the IPfilter problems you're talking about - got a
> > reference?
>
>The most recent one is:
>
>http://groups.google.com/groups?q=serious+ipfilter+bug&hl=en&lr=&safe=off&rnum=1&seld=905165927&ic=1
>
> > Why NetBSD - just the performance win?
>
>Yep, if you can ensure that the protection isn't the bottleneck, it's
>easier to defend.

Not just that. NetBSD stresses design, and as a result has a better
architecture.
You'll hardly see things added to NetBSD just because someone finds it hard
to sleep at night :)

>Personally, (and I'm a big Linux fan) I'd be happier with IPFilter/*BSD
>than Linux if I needed strong packet filtering for the next 6 months or
>so. Linfilter might be cool, but it's too new for security infrastructure
>in my book. The BSDs intimidate a lot of people though, so if it's an
>administratively heavy role, I'd consider Linux as long as there were
>multiple layers of filters. ipfw may still be a BSD option as well.

Paul, you should give BSD a chance. Well, if you have the time :)
I personally don't like ipfw. Having seen the dirty code, I'm just against it.
It won't resist a review :)

cheers,
mouss