nanog mailing list archives

Re: Firewalls - Ease of Use and Maintenance?

From: Nick Hilliard <nick () foobar org>
Date: Wed, 09 Nov 2011 13:24:20 +0000

On 09/11/2011 12:22, Richard Kulawiec wrote:

You will find it very difficult to beat pf on OpenBSD for efficiency,
features, flexibility, robustness, and security.  Maintenance is very
easy: edit a configuration file, reload, done.


There are several areas where pf falls down.  One is auto-synchronisation
from primary to backup firewall (not really a pf problem, but it's
important for production firewall systems).  Another is ipv6 fragments,
although this was mostly fixed in a commit on 20110329 (released in 5.0),
which unfortunately has not yet made its way to freebsd yet.  A third is
openbsd's poor ethernet hardware interrupt handling.  Again, this has
improved recently, but it's still lags seriously behind linux / freebsd.

Having said that, it's still my least disfavoured stateful packet filtering
system.

Nick

Current thread:

Re: Firewalls - Ease of Use and Maintenance?, (continued)
- Re: Firewalls - Ease of Use and Maintenance? Richard Kulawiec (Nov 09)
  - Re: Firewalls - Ease of Use and Maintenance? Alex Nderitu (Nov 09)
    - Re: Firewalls - Ease of Use and Maintenance? Joe Greco (Nov 09)
    - Re: Firewalls - Ease of Use and Maintenance? Richard Kulawiec (Nov 09)
    - Re: Firewalls - Ease of Use and Maintenance? Joe Greco (Nov 09)
    - Re: Firewalls - Ease of Use and Maintenance? -Hammer- (Nov 09)
    - Re: Firewalls - Ease of Use and Maintenance? -Hammer- (Nov 09)
    - Re: Firewalls - Ease of Use and Maintenance? Valdis . Kletnieks (Nov 09)
    - Re: Firewalls - Ease of Use and Maintenance? Joe Greco (Nov 09)
    - RE: Firewalls - Ease of Use and Maintenance? Nathan Eisenberg (Nov 09)
  - Re: Firewalls - Ease of Use and Maintenance? Nick Hilliard (Nov 09)
    - Re: Firewalls - Ease of Use and Maintenance? Jonathan Lassoff (Nov 09)
    - Re: Firewalls - Ease of Use and Maintenance? Nick Hilliard (Nov 09)
    - RE: Firewalls - Ease of Use and Maintenance? Nathan Eisenberg (Nov 09)
    - Re: Firewalls - Ease of Use and Maintenance? C. Jon Larsen (Nov 09)
    - Re: Firewalls - Ease of Use and Maintenance? Nick Hilliard (Nov 09)
    - Re: Firewalls - Ease of Use and Maintenance? Jimmy Hess (Nov 10)
    - Re: Firewalls - Ease of Use and Maintenance? -Hammer- (Nov 10)
    - Re: Firewalls - Ease of Use and Maintenance? Richard Kulawiec (Nov 10)
    - Re: Firewalls - Ease of Use and Maintenance? -Hammer- (Nov 10)
    - Re: Firewalls - Ease of Use and Maintenance? Peter Kristolaitis (Nov 10)

(Thread continues...)