[nycbug-talk] OpenBSD pf "bakeoff"
Isaac Levy
ike at blackskyresearch.net
Fri Jun 15 11:06:59 EDT 2012
Wow,
On Jun 15, 2012, at 9:46 AM, Josh Rivel wrote:
> So after badgering my manager nonstop about how great OpenBSD with pf
> is, he's letting me do a "bakeoff" of two identical boxes - one will
> be running OpenBSD 5.1 w/pf, and the other a popular commercial
> firewall software.
Holy moses that's cool.
> I probably will not be starting this project until first week in July,
> but wanted to get some tips (feel free to contact me off list if you
> don't think it's appropriate) of any custom tuning or deployment tips
> and tricks for enterprise wide OpenBSD/pf deployments, management of
> the policies, etc.
> I really want OpenBSD to win :)
Well, there goes the scientific method ;)
> Thanks in advance.
> Josh
One sideshow-ish note which I hope helps:
I'd crib from pfSense (yes, I know that sounds awful to any OpenBSD user, my apologies), but their stock system tuning is thoughtful, in particular the network I/O sysctls. Grokking the intention of the sysctl tuning may be a great thing to skim through.
https://github.com/bsdperimeter/pfsense
Best,
.ike