Re: Optimizing CentOS for gigabit firewall




On Friday 18 December 2009 16:05, Peter Serwe wrote:

>  I don't know jack about IPSet, but I know enabling or disabling hosts in
>  bare stock PF without the gui in front of it is about as easy as it gets.

IPTABLES is the same:

iptables -A [INPUT/FORWARD] -d <ip address> -j [REJECT/DROP]

>  The PF configuration file syntax was designed from the ground up to be
> sane, unlike iptables, which typically needs some decent sysadmin scripting
> or using fwbuilder to make any good sense of.

I beg to differ here.  IPTABLES is not that hard when you understand it.  Like 
anything else, once you know what you are doing it isn't that hard.  And no, 
I have never used any GUI program to configure my firewalls.

> There is no finer opensource firewall product on the market, in terms of 
> performance, ease of  configuration and use, and other issues.

This is all subjective to the user.  I would say that PF is a nightmare and 
IPTABLES is easier to use.

>  If you're not opposed to vi, for what you're looking to accomplish, moving
>  to BSD and pf is a no-brainer.  PF can definitely handle a list of 500
> hosts and anything else you've mentioned.  It's absolutely capable, easier,
> and in general, for anything that involves packet filtering at all, about
> as good as it gets.

Again this is all subjective to the user.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
