[nycbug-talk] OpenBSD pf "bakeoff"

Jason Hellenthal jhellenthal at dataix.net
Fri Jun 15 11:21:55 EDT 2012


If I might say, you should give [1] a few once overs to build up a
ruleset that will wind up pretty close to the commercial system and you
will be less likely to miss rules that your corporate firewall solution
implements with toggle switches and short command lines. You might
possibly be able to import your existing corporate ruleset for a quick
start.

Once you have a ruleset you can go back through it to minimize the rules
into a smaller set using macros, tables and such.

1). http://www.fwbuilder.org/



On Fri, Jun 15, 2012 at 09:46:45AM -0400, Josh Rivel wrote:
> So after badgering my manager nonstop about how great OpenBSD with pf
> is, he's letting me do a "bakeoff" of two identical boxes - one will
> be running OpenBSD 5.1 w/pf, and the other a popular commercial
> firewall software.
> I probably will not be starting this project until first week in July,
> but wanted to get some tips (feel free to contact me off list if you
> don't think it's appropriate) of any custom tuning or deployment tips
> and tricks for enterprise wide OpenBSD/pf deployments, management of
> the policies, etc.
> I really want OpenBSD to win :)
> Thanks in advance.
> Josh

-- 

 - (2^(N-1))


