Date: Thu, 16 Jan 2003 10:52:00 -0800 (PST)
From: Josh Brooks <user@mail.econolodgetulsa.com>
To: freebsd-hackers@freebsd.org
Subject: FreeBSD firewall for high profile hosts - waste of time ?
Message-ID: <20030116104652.T86991-100000@mail.econolodgetulsa.com>

Hi,

If I have a large network with high profile hosts (50+ shell servers, 50 or more different ircds running) am I wasting my time trying to hack and tweak a FreeBSD host-based firewall running ipfw?

I am getting hammered by a different (D)DoS attack every single day - it's always something new. I am thinking of buying a netscreen, but on the other hand I really like FreeBSD, I really like a host-based firewall, and I hate to admit defeat.

So do any of those efnet servers use a FreeBSD firewall? Are there people out there that know what they are doing to such a degree that they can successfully use a host-based FreeBSD system to firewall high profile network targets?

Or is it generally accepted that if you have that kind of targets on your network that you just have to get an appliance - that is, even if the guy that wrote ipfw and knows the fbsd kernel inside and out still wouldn't even try to make that work?

OR, would a very expert FreeBSD developer and network code guy scoff at "wasting money" on a netscreen or PIX, knowing that if you really knew what you were doing you could do it all with a fbsd host-based firewall with ipfw?

Any comments appreciated.