From: Randy Smith
Date: Mon, 7 Apr 2003 09:23:34 -0600 (MDT)
To: ljacobs
Cc: "freebsd-isp@freebsd.org"
Subject: Re: FreeBSD as a firewall
Message-ID: <20030407090718.B203-100000@stalker.amigo.net>
In-Reply-To: <200304061408.AA81592870@mandala-designs.com>

On Sun, 6 Apr 2003, ljacobs wrote:

> Date: Sun, 6 Apr 2003 14:08:44 -0400
> From: ljacobs
> To: "freebsd-isp@freebsd.org"
> Subject: FreeBSD as a firewall
>
> Folks --
>
> If you are using IPFW or IPFilter or PF as a packet filter/firewall on
> your FreeBSD system I am interested in hearing about your configuration
> and satisfaction with your setup. How did you make your decision?

I like FreeBSD and didn't feel the need to use a different OS in this case. I chose IPFW because the benchmarks I saw (I don't remember where now) showed that it performed slightly better than IPF for the forwarding I needed for the transparent proxies. Those same benchmarks showed IPF was a bit faster doing NAT. PF didn't exist at the time.

I haven't used IPFW2 which is supposed to be much faster than IPFW.

> What type of hardware are you running this on?

It varies. Most of my firewalls are also proxies or doing other things. My "worst" box is a Pentium-200MHz job with 32 MB of RAM. My "best" box is a dual PIII-500MHz with 1GB RAM.

> Do you have anything else running on that computer besides the firewall?

Generally, my firewalls are also transparent proxies. One of them is also the gateway for my mail server cluster and is doing quite a bit. (It is also an emergency node for the cluster and handles web mail duties.)

> Have you had any breakins in spite of this protection?

Not that I can tell.

> Would you consider OpenBSD as an alternative for a firewall because of
> its security and ease of using and managing PF?

I've heard that OpenBSD is a good solution but I have never tried it so I can't comment further.

>
> Thanks for any comments.
>

--
Randy Smith
Amigo.Net Systems Administrator
1-719-589-6100 x 4185
http://www.amigo.net/