Look at www.fwbuilder.org
It is good. It even has commercial support if you like.
On Wednesday, 4 July 2012, user C. L. Martinez wrote:
> Hi all,
>
> I wonder if with OpenBSD is possible to create virtualized firewalled
> implementations of conventional physical topologies and designs such
>
that's not exciting at all. maybe one day i will write a vpf device.
benefits include not having to be root to check an agreed upon subset
of your states, running proxies and other applications that insert
rules completely non-root
other details have to be worked out so that sub-pfs can't run the
* Andres Perera [2012-07-04 17:42]:
> out of curiosity, how would you make pf(4) only handle rules
> pertaining to a certain anchor depending on the process that's
> interfacing with them? i ask because; e.g., pfctl -sr should only
> show rules for that client, and other pf(4) operations need to
"C. L. Martinez" wrote:
>Hi all,
>
> I wonder if with OpenBSD is possible to create virtualized firewalled
>implementations of conventional physical topologies and designs such
>as central and remote DMZs (my question has nothing to do with
>virtualization platforms like ESXi/vSphere or Xen or KV
ok here's a more thought out idea
a vpf is the same as a pf only that it has an ioctl that binds its
device minor to a rule # in pf0. access to a vpf0 is the same, posix
vfs permissions. (securelevel affects pf rule write-ability, but i
don't think a per vpf equivalent is useful for this example).
out of curiosity, how would you make pf(4) only handle rules
pertaining to a certain anchor depending on the process that's
interfacing with them? i ask because; e.g., pfctl -sr should only
show rules for that client, and other pf(4) operations need to be
equally restricted. i know that originally
Possible and not-recommendable at the same time I'd say.
--
I will face my fear. I will permit it to pass over me and through me.
And when it has gone past I will turn the inner eye to see its path.
Where the fear has gone there will be nothing. Only I will remain.
search about rdomain or VRF in openbsd
these can solve your problem but you should do some work by hand (or brain)
if you can design good plan you can solve your problem. route -exec, pfctl,
rdomain, rtable may help you
On Wed, Jul 4, 2012 at 11:59 AM, C. L. Martinez wrote:
> Hi all,
>
> I wond
On Jul 4, 2012, at 11:51 AM, Henning Brauer wrote:
> * Franco Fichtner [2012-07-04 11:43]:
>> No, the great catch here is that VSX offers you tools to manage up
>> to 250 of these virtual monsters in a centralized fashion. You can
>> also give control of these firewalls to your customers. You can
On Wed, Jul 4, 2012 at 11:51 AM, Henning Brauer wrote:
> * Franco Fichtner [2012-07-04 11:43]:
>> No, the great catch here is that VSX offers you tools to manage up
>> to 250 of these virtual monsters in a centralized fashion. You can
>> also give control of these firewalls to your customers. You
* Franco Fichtner [2012-07-04 11:43]:
> No, the great catch here is that VSX offers you tools to manage up
> to 250 of these virtual monsters in a centralized fashion. You can
> also give control of these firewalls to your customers. You can put
> lots of OpenBSD guests on a host, but there's no w
On Jul 4, 2012, at 11:13 AM, C. L. Martinez wrote:
> On Wed, Jul 4, 2012 at 10:49 AM, Jiri B wrote:
>> On Wed, Jul 04, 2012 at 09:29:04AM +0200, C. L. Martinez wrote:
>>> Hi all,
>>>
>>> I wonder if with OpenBSD is possible to create virtualized firewalled
>>> implementations of conventional phys
Hi
On Wed, Jul 4, 2012 at 11:13 CEST
"C. L. Martinez" wrote:
> On Wed, Jul 4, 2012 at 10:49 AM, Jiri B wrote:
> > On Wed, Jul 04, 2012 at 09:29:04AM +0200, C. L. Martinez wrote:
> >>
> >> I wonder if with OpenBSD is possible to create virtualized firewalled
> >> implementations of conventional
* C. L. Martinez [2012-07-04 11:17]:
> On Wed, Jul 4, 2012 at 10:49 AM, Jiri B wrote:
> > On Wed, Jul 04, 2012 at 09:29:04AM +0200, C. L. Martinez wrote:
> >> I wonder if with OpenBSD is possible to create virtualized firewalled
> >> implementations of conventional physical topologies and design
On Wed, Jul 4, 2012 at 10:49 AM, Jiri B wrote:
> On Wed, Jul 04, 2012 at 09:29:04AM +0200, C. L. Martinez wrote:
>> Hi all,
>>
>> I wonder if with OpenBSD is possible to create virtualized firewalled
>> implementations of conventional physical topologies and designs such
>> as central and remote
On Wed, Jul 04, 2012 at 09:29:04AM +0200, C. L. Martinez wrote:
> Hi all,
>
> I wonder if with OpenBSD is possible to create virtualized firewalled
> implementations of conventional physical topologies and designs such
> as central and remote DMZs (my question has nothing to do with
> virtualizat
Hi all,
I wonder if with OpenBSD is possible to create virtualized firewalled
implementations of conventional physical topologies and designs such
as central and remote DMZs (my question has nothing to do with
virtualization platforms like ESXi/vSphere or Xen or KVM), like for
example CheckPoint