I'm going to have to (respectfully) disagree with your statement that the
OpenBSD Packet Filter requires "spending hours/days reading about and
experimenting with the ins and outs of firewall/networking".

Speaking only of OpenBSD (I've never used iptables), you can do some pretty
serious firewalling knowing next to jack. And if it's just a matter of blocking
ports, and letting certain people in others, it's dead easy. It may take you an
hour or two if you wanted to get into stateful firewalling, still not days.

http://www.openbsd.org/faq/faq6.html#PF

And just to nitpick, OpenBSD's packet filter is called just that: PF. OpenBSD
2.9 uses IPFilter, anything beyond that is PF. Both packages work great and
have almost the exact same syntax.


My personal endorsement for a software firewall would have to be for OpenBSD.
For someone that's been hacked 3 times (not me, the guy who posted), something
that I believe to be maintenance free may be right up his alley.

Chris


On Mon, 06 May 2002 08:25:52 -0700, Harry Putnam said:

>  If you're going the software OS route, no need to go OpenBSD, since
>  iptables is fully capable of both items.  The OpenBSD ipfilter setup
>  is no less hassle than IPtables in my opinion.
>  
>  That is, if you survive the installation of OpenBSD, in particular the
>  fdisk/disklabel hell one is presented with on install.  Anyone
>  familiar with Linux fdisk would sooner shoot themselves than use the
>  one supplied with OpenBSD :-).
>  
>  Either ipfilter or iptables is vastly more configurable than a
>  hardware router, but both make heat, noise, take space, and require
>  close maintenance. Often reconfiguration with even smallish changes
>  in usage or needs.  Not to mention nearly encyclopedic knowledge of
>  networking/firewalling.
>  
>  If you don't mind or even like the noise, heat, space loss, and
>  constant pain in the ass maintenance.  And you prefer spending
>  hours/days reading about and experimenting with the ins and outs of
>  firewall/networking then the OS (iptables ipfilter) route can answer
>  all your masochistic needs.
>  

-- 
Chris Cameron
UpNIX Internet Administrator
ardvark.upnix.net
saddlebags.upnix.net
--
http://www.upnix.com



_______________________________________________
Redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list
