On 05/01/2007 at 10:25:30+1300, Brett Davidson wrote:
> Before I start, I'm familiar with IPTables from Linux but am wanting to
> use FreeBSD as a firewalling router after seeing it in action on a
> heavily-loaded webserver. I like the efficiency of the TCP stack.
>
> Upon reading the handbook I found that I can have my choice of three
> firewalls; pf, iptables and ipfw.
>
> What would be the most useful (and easiest) package to use given the
> following scenario:
>
> A FreeBSD router comprising of four physical interfaces -
> Eth0 is the outside 10Mbyte/s cable connection to the Internet.
> Eth1 is a 100Mbit DMZ housing a webserver.
> Eth2 is a 100Mb DMZ housing a 802.11g Wireless Access Router.
> (My normal preference is to isolate Wireless LANs from physical
> LANS).
> Eth3 is the inside LAN.
>
> Software-based VPN connections out from both the Inside LAN and Wireless
> DMZ are required. (Allowing VPN tunnels through the firewall; not
> tunnels terminated at the firewall).
>
> Against prudence, they wish to allow torrent connections to the inside
> lan and ICQ connections to both the Inside LAN and the Wireless DMZ. The
> torrent and ICQ connections will need to be bandwidth-managed so that is
> a major consideration for the choice of which firewall to use. Is there
> an equivalent to HTB on FreeBSD?
>
> I look forward to your answers...
>

I've been using ipfw and pf for this.
If you have some knowledge of Cisco ACLs you can use ipfw (it's first match-use). pf has some very useful features. With pf it's last match first-use, and it's easier to add some ACLs with pf for a script (like ssh_bruteforce).

Regards.

--
Albert SHIH
Observatoire de Paris Meudon
Local time: Fri 5 Jan 2007 09:08:19 CET
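
Added example, not part of the original message: a simplified Python model (not ipfw or pf code) of the first-match and last-match evaluation the reply mentions, showing one ordered ruleset producing opposite verdicts under each. The `Rule` fields, the addresses and the ruleset are constructed for illustration; the defaults model ipfw's final deny rule and pf's implicit pass.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    src: str = "0.0.0.0/0"       # source network
    dport: Optional[int] = None  # None matches any destination port
    quick: bool = False          # pf only: a match on this rule ends evaluation

    def matches(self, src_ip, dport):
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return in_net and self.dport in (None, dport)

def first_match(rules, src_ip, dport, default="block"):
    """ipfw-style evaluation: the first matching rule decides."""
    for r in rules:
        if r.matches(src_ip, dport):
            return r.action
    return default

def last_match(rules, src_ip, dport, default="pass"):
    """pf-style evaluation: the last matching rule decides, unless one is 'quick'."""
    verdict = default
    for r in rules:
        if r.matches(src_ip, dport):
            verdict = r.action
            if r.quick:
                break
    return verdict

# Constructed ruleset written the first-match way: exception first, general rule after.
RULES = [
    Rule("block", src="203.0.113.0/24", dport=22),  # deny SSH from one network
    Rule("pass", dport=22),                         # allow SSH from everyone else
]
# The same policy made safe for last-match evaluation by marking the exception 'quick'.
PF_FIXED = [Rule("block", src="203.0.113.0/24", dport=22, quick=True), RULES[1]]

def demo():
    pkt = ("203.0.113.7", 22)  # constructed packet from the denied network
    return (first_match(RULES, *pkt), last_match(RULES, *pkt), last_match(PF_FIXED, *pkt))

if __name__ == "__main__":
    print(demo())
```

Under last-match evaluation the later general `pass` overrides the earlier `block`, so a ruleset carried over from a first-match firewall needs its exceptions moved last or marked `quick`.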