That's the point. I must admit that I'm addicted to pf and the simplicity of OpenBSD as a firewall / router :-)
I'm using relayd now for "loadsharing" / "loadbalancing" of my webservers. It's a great tool and the performance of OpenBSD 4.4 and pf is incredible.
But use OpenBSD 4.4 (-current) with caution. It's not really stable at the moment, maybe due to the recent hackathon :-). The snap from Wednesday is ok, the one from Monday has a big ARP replay bug...
Keep in mind, with OpenBSD you get a full router and firewall operating system out of the base system (PF, carp, relayd, pfsync, ifstated, ospfd, bgpd, etc.). And you don't need expensive hardware. My firewall "cluster" does 8000 stateful connections average at the same time with only 1 GB RAM on a Pentium 3.2 GHz machine. With Intel Gigabit NICs you can do over 300Mbit/s stateful firewalling on cheap hardware...
And maybe we should talk about the term "firewall". My idea of a firewall is routing, NAT and stateful filtering.
I don't like commercial "firewall" products which are nothing more than a lot of open source software packed onto cheap hardware, branded and sold under a "good" name... Yeah, of course they did "OS hardening". OpenBSD and Linux are "hard" enough for most requirements...
As I said before, if you need help with OpenBSD firewalls, feel free to contact me off-list.
Wish you a nice weekend,
Marco
julien mabillard wrote:
:: I would suggest an OpenBSD or OpenBSD-based firewall too. We're using
BTW, recent hackathons brought significant improvements, not to mention related work from reyk@ on relayd. So for the monitoring and load balancing role, it is a great design.
And beware, you could just love pf and start being addicted ;-)
-- _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog