[Cialug] New Firewall

David Bierce operations at cynicbytrade.com
Fri Jan 5 16:12:35 CST 2007


Ello --

While not Linux based, I've used http://m0n0.ch/wall/ on nice newer
hardware with no problems.  I'm certain smoothwall will happily add
support for new hardware if you pay for the pro version :)

If you don't mind rolling your own web and scripts, I help maintain
a distro for some of our customers that has quite a few firewall and
traffic shaping (using tc) scripts.  It also has some pretty flexible
scripts for gathering interface statistics and putting them into a
database.  http://zinux.cynicbytrade.com

While it isn't a Purdy interface, it does have some boot examples for
Linux features I've learned to love like bonding and bridging.




>
> Broadcom provides linux modules for their chips, but I didn't see  
> anything for xBSD thus making the linux based products more  
> attractive, but not if they can't support my raid card :)
>
> -Tom
>

I've been using the Broadcom 5704 Dual Port Gigabit adapter since
FreeBSD 6 on machines with a sustained network throughput of about
40MBit/sec with no problems, but I'm not sure about the NetXtreme.
Lately, I've been having lots of Intel network troubles on FreeBSD
under high network load, but Broadcom has been performing rock
solid.


Dave
>
> On Jan 5, 2007, at 3:04 PM, Nathan C. Smith wrote:
>
>> I was thinking the same thing about moving parts.  http://www.pfsense.org
>> Although you probably have the drives in a RAID 1 config.
>>
>> I set up pfSense on a Soekris (http://www.soekris.com) board last week and I
>> am really amazed by it.  In many senses better than commercial firewalls
>> (sonicwall) I have used.
>>
>> Tom, are the firewall packages just lacking new enough drivers for the
>> network cards, or are drivers for the cards still buggy?
>>
>> -Nate
>>
>>
>> McKee, Voorhees & Sease
>> 801 Grand Avenue, Suite 3200
>> Des Moines, Iowa 50309
>> phone: 515-288-3667
>> fax: 515-288-1338
>> e-mail: @ipmvs.com
>> url:  www.ipmvs.com
>> -----Original Message-----
>> From: Daniel A. Ramaley [mailto:daniel.ramaley at DRAKE.EDU]
>> Sent: Friday, January 05, 2007 2:53 PM
>> To: Central Iowa Linux Users Group
>> Subject: Re: [Cialug] New Firewall
>>
>> On Friday 05 January 2007 14:24, Tom Pohl wrote:
>>> Does anyone know of a set of tools that will give me what I'm looking
>>> for that will install on top of a standard distribution instead of a
>>> stand alone distribution with a purdy web interface?
>>
>> I wouldn't install a firewall using anything other than OpenBSD. I'd
>> probably also remove the unnecessary moving parts (read: hard drives) and
>> replace them with a 1 GB IDE flash drive. Actually I'm going to be replacing
>> my home firewall soon with a low-power machine running OpenBSD off of flash.
>> Based on recent other experiences installing OpenBSD, a full installation
>> will leave most of the 1 GB free. And it is possible to configure the
>> filesystem to be read-only so you don't have to worry about power outages,
>> at least not beyond the usual spikes and such that a high-quality surge
>> protector can filter out.
>>
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>>
>