From: "Adrian Penisoara"
Sender: ady@ady.ro
To: "Matthias Apitz"
Cc: freebsd-hackers@freebsd.org
Date: Tue, 5 Aug 2008 11:19:10 +0200
Subject: Re: Q: case studies about scalable, enterprise-class firewall w/ IPFilter
Message-ID: <78cb3d3f0808050219k94105adxd114012634989b31@mail.gmail.com>
In-Reply-To: <20080805080520.GB3063@rebelion.Sisis.de>

Hi,

On Tue, Aug 5, 2008 at 10:05 AM, Matthias Apitz wrote:
>
> Hello,
>
> I've posted the attached mail in the IP Filter mailing list; the only
> responses have been badly configured vacation replies :-(
>
> someone from freebsd-hackers has an idea? thanks in advance
>
> matthias
>
> ----- Forwarded message from Matthias Apitz -----
>
> From: Matthias Apitz
> Date: Sun, 3 Aug 2008 08:24:15 +0200
> To: IP Filter
> Subject: Q: case studies about scalable, enterprise-class firewall w/ IPFilter
>
>
> Hello,
>
> We're currently protecting our network (and as well some FreeBSD laptops
> standalone) with IPFilter... I'm wondering if there are any case studies
> about scalable, enterprise-class firewall solutions, redundancy with
> stateful failover, and application-level inspection, and all that
> alike, based on IPFilter and FreeBSD;

Hmm, none that I know of, but I would be interested to (get) involved in such a project (on behalf of the emerging EnterpriseBSD project and/or business consulting).

I have been working with IPFilter in the past, even built a pretty complex setup for the university where I've been studying (might be still running) with stateful tables (kept across reboots) and the associated scaling problems. Besides sporadic issues (with lost sessions due to overflowing the session tables until I fine-tuned the IPF state timeouts) it was quite a success.

Nowadays I believe the trend is to use pf(4) instead of ipf(4) as it offers quite the same functionality under a presumably better license (although I sometimes miss the hierarchical structuring available through group/head in IPFilter).

Let me know if I can be of help.

Regards,
Adrian Penisoara
EnterpriseBSD project / ROFUG
Ady (@enterprisebsd.info, @bsdconsultants.com)