[nycbug-talk] OpenBSD pf "bakeoff"
josh at rivels.org
Fri Jun 15 11:25:48 EDT 2012
On Fri, Jun 15, 2012 at 11:21 AM, Jason Hellenthal
<jhellenthal at dataix.net> wrote:
> If I might say, you should give  a few once overs to build up a
> ruleset that will wind up pretty close to the commercial system and you
> will be less likely to miss rules that your corporate firewall solution
> implements with toggle switches and short command lines. You might
> possibly be able to import your existing corporate ruleset for a quick
> Once you have a ruleset you can go back through it to minimize the rules
> into a smaller set using macros, tables and such.
> 1). http://www.fwbuilder.org/

Thanks, I will definitely take a look at this.

I think initially we will just use an "any any allow" rule to test
straight throughput; I need to sort out the details with my manager as
to what exactly he wants me to test.

Might set up a rule like "allow port 80 from * to webserver" or
something and see how much HTTP traffic we can slam at the webserver.

Don't know, but this should be interesting to say the least!