[Cialug] New Firewall

David Champion dchampion at visionary.com
Fri Jan 5 16:30:13 CST 2007


You could take a look at that nufw thingy I mentioned the other day. :)

I've done some simple firewall work with Mandriva & shorewall, using the 
webmin plugin to admin it (you can also edit the conf file yourself, 
which is actually what the shorewall people recommend). Don't ever look 
at all of the iptables rules it generates - it's insane. Seems to work 
pretty well though.

I've also managed to lock myself out of a co-lo server using shorewall. 
Thankfully my nice Mr. ISP man let me go restart it.

-dc

Tom Pohl wrote:
> I'm guessing that the packages are slow to incorporate the newer modules.
> 
> This is a corporate firewall that I'm setting up, so using underpowered 
> hardware isn't really an option for me.  I really need the speed that 
> this hardware provides.  I thought about trying to go a CF based route 
> but I need the ability to log data (potentially LOTS of data) 
> persistently.  I do have the drives in a RAID 1 config so it won't be a 
> big deal to replace a hard drive when one dies and still have my logs.
> 
> Broadcom provides Linux modules for their chips, but I didn't see 
> anything for xBSD thus making the Linux-based products more attractive, 
> but not if they can't support my RAID card :)
> 
> -Tom
> 
> 
> On Jan 5, 2007, at 3:04 PM, Nathan C. Smith wrote:
> 
>> I was thinking the same thing about moving parts.  http://www.pfsense.org
>> Although you probably have the drives in a RAID 1 config.
>>
>> I set up pfSense on a Soekris (http://www.soekris.com) board last week and I
>> am really amazed by it.  In many senses better than commercial firewalls
>> (sonicwall) I have used.
>>
>> Tom, are the firewall packages just lacking new enough drivers for the
>> network cards, or are drivers for the cards still buggy?
>>
>> -Nate
>>
>>
>> -----Original Message-----
>> From: Daniel A. Ramaley [mailto:daniel.ramaley at DRAKE.EDU]
>> Sent: Friday, January 05, 2007 2:53 PM
>> To: Central Iowa Linux Users Group
>> Subject: Re: [Cialug] New Firewall
>>
>> On Friday 05 January 2007 14:24, Tom Pohl wrote:
>>> Does anyone know of a set of tools that will give me what I'm looking
>>> for that will install on top of a standard distribution instead of a
>>> stand alone distribution with a purdy web interface?
>>
>> I wouldn't install a firewall using anything other than OpenBSD. I'd
>> probably also remove the unnecessary moving parts (read: hard drives) and
>> replace them with a 1 GB IDE flash drive. Actually I'm going to be replacing
>> my home firewall soon with a low-power machine running OpenBSD off of flash.
>> Based on recent other experiences installing OpenBSD, a full installation
>> will leave most of the 1 GB free. And it is possible to configure the
>> filesystem to be read-only so you don't have to worry about power outages,
>> at least not beyond the usual spikes and such that a high-quality surge
>> protector can filter out.
>>
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>>
> 
