Re: Optimizing CentOS for gigabit firewall


On 12/18/2009 10:05 PM, Peter Serwe wrote:
> I don't know jack about IPSet, but I know enabling or disabling hosts in
> bare stock PF without the gui in front of it is about as easy as it gets.
> 
> The PF configuration file syntax was designed from the ground up to be sane,
> unlike iptables, which typically needs some decent sysadmin scripting or
> using fwbuilder to make any good sense of.  There is no finer opensource
> firewall product on the market, in terms of performance, ease of
> configuration and use, and other issues.
> 
> If you're not opposed to vi, for what you're looking to accomplish, moving
> to BSD and pf is a no-brainer.  PF can definitely handle a list of 500 hosts
> and anything else you've mentioned.  It's absolutely capable, easier, and in
> general, for anything that involves packet filtering at all, about as good
> as it gets.
> 
> Peter

Just as a recommendation: Besides OpenBSD's really fantastic
documentation, there are some books that are really great:

The Book of PF: A No-Nonsense Guide to the BSD Firewall (by Peter N. M.
Hansteen)

The Openbsd Pf Packet Filter Book (by Jeremy C. Reed)

HTH,

Timo
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
