[nycbug-talk] OpenBSD pf "bakeoff"
Brett
brett.mahar at gmx.com
Fri Jun 15 20:14:47 EDT 2012
> So after badgering my manager nonstop about how great OpenBSD with pf
> is, he's letting me do a "bakeoff" of two identical boxes - one will
> be running OpenBSD 5.1 w/pf, and the other a popular commercial
> firewall software.
> Josh
>
A couple of things I could think of that would be interesting to compare:
1. This from the default pf.conf file:
# Macros and table assumed here so the snippet loads stand-alone (not part of the quoted original):
ext_if = "em0"
webserver = "192.0.2.10"
table <bad_hosts> persist
# For example, the following rules will protect the webserver against hosts
# making more than 100 connections in 10 seconds.
block quick from <bad_hosts>
pass in on $ext_if proto tcp to $webserver port www keep state \
    (max-src-conn-rate 100/10, overload <bad_hosts> flush global)
2. Filtering by OS fingerprinting (e.g. simulating a Love Bug type virus coming from Windows machines - how well do the various firewalls cope with slowing this traffic down to a crawl and letting non-Windows-originating traffic through).
Cheers,
Brett.
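The second comparison point above, sketched out as a pf.conf fragment. This is an added example, not code from Brett's post or from the OpenBSD documentation; it targets pf as shipped with OpenBSD 5.1 (ALTQ queueing, the `os` keyword in TCP rules). The interface name, addresses and bandwidth figures are assumed values.

```pf
# Added example (not from the original post): use pf's passive OS
# fingerprinting to put HTTP connections from hosts fingerprinted as Windows
# into a deliberately narrow ALTQ queue, while all other traffic keeps the
# default queue. Interface, addresses and bandwidths below are assumptions.
ext_if    = "em0"
webserver = "192.0.2.10"

# ALTQ (the queueing system in pf at 5.1): a 10 Mbit link split into a
# default queue and a starved "crawl" queue.
altq on $ext_if cbq bandwidth 10Mb queue { std, crawl }
queue std   bandwidth 95% cbq(default)
queue crawl bandwidth 1%

# pf takes the last matching rule, so the generic pass comes first and the
# fingerprint-specific rule below it overrides the queue assignment.
pass in on $ext_if proto tcp to $webserver port www keep state queue std

# "Windows" is a fingerprint class from /etc/pf.os (list them with
# pfctl -s osfp). The state created here carries the crawl queue, so the
# server's replies leaving $ext_if are shaped for these connections.
pass in on $ext_if proto tcp from any os "Windows" to $webserver port www \
    keep state queue crawl

# The os keyword matches on the characteristics of the TCP SYN only; there is
# nothing to fingerprint on UDP or ICMP, so those need ordinary rules.
```

Load it with `pfctl -nf` first to syntax-check, then watch `pfctl -s queue -v` while generating traffic from each class of client. One caveat worth keeping in mind during the bakeoff: the fingerprint is derived from SYN options and TTL, so hosts behind a NAT or with a tuned TCP stack can land in the wrong class, and the comparison should note how many connections were misclassified rather than only how well the slow queue held.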