That's the point. I must admit that I'm addicted to pf and the simplicity
of OpenBSD as a firewall / router :-)
I'm using relayd now for "loadsharing" / "loadbalancing" of my
webservers. It's a great tool and the performance of OpenBSD 4.4 and pf
is incredible.
But use OpenBSD 4.4 (-current) with caution. It's not really stable at
the moment, maybe due to the recent hackathon :-). The snap from
Wednesday is ok, the one from Monday has a big ARP replay bug...
Keep in mind, with OpenBSD you get a full router and firewall operating
system out of the base system (PF, carp, relayd, pfsync, ifstated,
ospfd, bgpd, etc.). And you don't need expensive hardware. My firewall
"cluster" does 8000 stateful connections average at the same time with
only 1 GB RAM on a Pentium 3.2 GHz machine. With Intel Gigabit NICs you
can do over 300Mbit/s stateful firewalling on cheap hardware...
And maybe we should talk about the term "firewall". My idea of a
firewall is routing, NAT and stateful filtering.
I don't like commercial "firewall" products which are nothing more than
a lot of opensource software packed onto cheap hardware, branded and
sold under a "good" name... yeah of course they did "os hardening".
OpenBSD and Linux are "hard" enough for most requirements...
As I said before, if you need help with OpenBSD firewalls feel free to
contact me off-list.
Wish you a nice weekend
Marco
julien mabillard wrote:
:: I would suggest an OpenBSD or OpenBSD-based
firewall too. We're using
BTW, recent hackathons brought significant improvements not to
mention related work from reyk@ about relayd.
So as monitoring and load balancing role, it is great design.
And beware, you could just love pf and start being addicted ;-)
--
_______________________________________________
swinog mailing list
swinog(a)lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog