[nycbug-talk] OpenBSD pf "bakeoff"

Josh Rivel josh at rivels.org
Fri Jun 15 11:25:48 EDT 2012


Jason,

On Fri, Jun 15, 2012 at 11:21 AM, Jason Hellenthal
<jhellenthal at dataix.net> wrote:
>
> If I might say, you should give [1] a few once-overs to build up a
> ruleset that will wind up pretty close to the commercial system and you
> will be less likely to miss rules that your corporate firewall solution
> implements with toggle switches and short command lines. You might
> possibly be able to import your existing corporate ruleset for a quick
> start.
>
> Once you have a ruleset you can go back through it to minimize the rules
> into a smaller set using macros, tables and such.
>
> 1). http://www.fwbuilder.org/

Thanks, I will definitely take a look at this.
I think initially we will just use an "any any allow" rule to test
straight throughput; I need to sort out the details with my manager as
to what exactly he wants me to test.
Might set up a rule like "allow port 80 from * to webserver" or
something and see how much HTTP traffic we can slam at the webserver.
Don't know, but this should be interesting to say the least!

Josh


