Indeed, I never said that you CAN'T do it on OpenBSD... I just mentioned how I do it...
That said, though, the snort+PF combo is two tools to do the job where I only need one in the wee Linux distro that I (roll myself) use for firewalls.

"Opportunity is most often missed by people because it is dressed in overalls and looks like work."
Thomas Alva Edison
Inventor of 1093 patents, including:
The light bulb, phonogram and motion pictures.

On Fri, Sep 24, 2010 at 9:51 PM, R0me0 *** <knight....@gmail.com> wrote:

> You can filter layer 7 with snort
>
> For example, detect BitTorrent and p2p traffic with snort and drop it
>
> 2010/9/24 Ross Cameron <ross.came...@unix.net>
>
>> Depends what you want to do exactly I suppose...
>>
>> Personally I use Linux based firewalls for many of my sites purely because
>> the clients in question want deep packet inspection (aka OSI layer 7
>> filtering) done on the network traffic.
>> But that said they are always the second skin firewalls, sitting behind
>> PF firewalls, filtering outbound traffic while the OpenBSD/FreeBSD boxen
>> filter inbound traffic.
>>
>> That's just my 5c worth and I've always been of the opinion that at least
>> two different skins of firewalls should be deployed, built on top of
>> different technologies.
>> Makes life a lot harder for whomever you want to keep out.
>>
>> "Opportunity is most often missed by people because it is dressed in
>> overalls and looks like work."
>> Thomas Alva Edison
>> Inventor of 1093 patents, including:
>> The light bulb, phonogram and motion pictures.
>>
>> On Wed, Sep 22, 2010 at 9:29 PM, Rikky Taylor <rikkytay...@hotmail.co.uk>
>> wrote:
>>
>>> I was after some general advice. I need to set up a routing firewall with
>>> 3 interfaces, moderate traffic and a fair amount of NAT'ing in the rules.
>>>
>>> Given identical modern server hardware would I expect a performance
>>> difference between an OpenBSD/PF setup and a Linux/IPTables one?
>>>
>>> Rikky