Security Basics mailing list archives
RE: Best IP configuration for OpenBSD firewall/router
From: Edward Rustin <ed () well com>
Date: Tue, 19 Aug 2003 01:45:14 -0700 (PDT)
Sorry :) I did realize, as several people have pointed out, that netfilter is a Linux thing and that pf is the *BSD equivalent. In my defence I'm a Linux guy and haven't had much experience with any of the BSDs (although I should try to get some more experience with them...)

Edward Rustin
Directory of Security, OnlineGuardians.org

On Mon, 18 Aug 2003, DeGennaro, Gregory wrote:

OpenBSD PF is superior to Netfilter as well as the OS for security reasons alone. I use it for second tier FW into my home LAN. Nothing usually gets past the first tier (Cisco router using CBAC) but if it does, it will be stopped by PF (second tier) on my home network.

However if you are more comfortable with Linux and Netfilter, you should stay with it or learn OpenBSD PF before implementing. The OpenBSD FAQ is a great place to get started.

http://www.openbsd.org/faq/pf/index.html

Regards,
Greg DeGennaro Jr., CCNP
Security Analyst

-----Original Message-----
From: chort [mailto:chort () amaunetsgothique com]
Sent: Monday, August 18, 2003 10:45 AM
To: Edward Rustin
Cc: Damon McMahon; security-basics () securityfocus com
Subject: Re: Best IP configuration for OpenBSD firewall/router

On Mon, 2003-08-18 at 09:24, Edward Rustin wrote:

> I'm also going to assume that you're going to be using some sort of iptables setup on your gateway so that it can perform some firewalling functions as well. So if you've got iptables set up with the appropriate restrictions on incoming traffic then you should be fine (for certain values of fine which include things such as making sure you're secure and patching your system when it needs it...)

Just FYI iptables is the Linux kernel Netfilter. OpenBSD uses pf for packet filtering.

To the original poster, try searching Google for sample pf.conf scripts.

By the way, I agree with the direction you're taking to use OpenBSD for your gateway. I know many people recommend Linux to build a gateway, but many Linux distributions are getting bloated now and the kernel itself has had a few problems. Since OpenBSD is a distribution that does exhaustive code review and is very minimal by default, and it has strong cryptography built in, I would recommend OBSD rather than Linux.

-- Brian Keefer