From owner-freebsd-security  Sat Jan 20  2:12:44 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id E8F9537B401
	for <freebsd-security@freebsd.org>; Sat, 20 Jan 2001 02:12:26 -0800 (PST)
Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168]) by mailhost01.reflexnet.net  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Sat, 20 Jan 2001 02:10:37 -0800
Received: (from cjc@localhost)
	by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.0) id f0KACK413041;
	Sat, 20 Jan 2001 02:12:20 -0800 (PST)
	(envelope-from cjc)
Date: Sat, 20 Jan 2001 02:12:19 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: Sean Lutner <sean@rentul.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Failover firewalls with ipfw?
Message-ID: <20010120021219.G10761@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu
References: <Pine.BSF.4.31.0101191426030.89288-100000@lowrider.lewman.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <Pine.BSF.4.31.0101191426030.89288-100000@lowrider.lewman.org>; from sean@rentul.net on Fri, Jan 19, 2001 at 02:30:38PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Jan 19, 2001 at 02:30:38PM -0500, Sean Lutner wrote:
> I'm currently doing some research into firewalls, and which one(s) would
> be right for my network. I'm considering everything from Checkpoint-1, to
> Cisco Pix, to ipchains, to ipfw on FreeBSD. My question is this. Does
> anyone out there know of any utilities/code/addons I could use to
> implement a failover pair of firewalls using ipfw and fbsd? Ideally I'd
> like to do stateful failover, but having two machines always on and a
> heartbeat solution might wirk as well. If anyone can offer some pointers,
> it would be much appreciated.

I've used Stonebeat and Firewall-1, and to be honest, I think you
could probably toss together some home-built code and get something
with >90% of its functionality in days... If you don't spend a lot of
time testing every possible scenario (accurately simulating fizzling
hardware is non-trivial) . Heck, if the price is right, I could build
something for ya'. ;)
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message