Re[2]: [cumbria_lug] Quick survey...
Ian Linwood
cumbria at mailman.lug.org.uk
Thu Jul 3 20:13:01 2003
Hello Trevor,
Thursday, July 3, 2003, 3:38:56 PM, you wrote:
> Trevor is buying a new box for ADSL, Me thinks I might go MAAAD
> and run Errrrr, GNU/Linux on it.
If it is going to be your router/firewall, I strongly suggest OpenBSD
3.3.
The PF tool (the Packet Filter), its recent enhancements, and the
modules being built around it make it a fantastically powerful piece
of kit.
If you have used IPF, you'll feel right at home.
Examples:
# Pass traffic in on dc0 from the local network, 192.168.0.0/24,
# to the OpenBSD machine's IP address 192.168.0.1. Also, pass the
# return traffic out on dc0.
pass in on dc0 from 192.168.0.0/24 to 192.168.0.1
pass out on dc0 from 192.168.0.1 to 192.168.0.0/24
# Pass TCP traffic in on fxp0 to the web server running on the
# OpenBSD machine. The interface name, fxp0, is used as the
# destination address so that packets will only match this rule if
# they're destined for the OpenBSD machine.
pass in on fxp0 proto tcp from any to fxp0 port www
Redirection rule:
rdr on tl0 proto tcp from 192.0.2.1 to any port 80 -> 192.168.1.5
A much easier syntax to write or debug than IPtables...
The security enhancements built into the OS/kernel also help to make
it a particularly tough nut to crack (it's not just a case of not
enabling services; the code is security audited). It also has a small
install footprint.
Well worth buying the CDs. Happy on i386, alpha, mac, vax (eek), sparc
& sparc64, also hp300, amiga, mac68k & mvme68k.
I know this is a Linux UG, but I tend to use what is best for the job.
--
Best regards,
Ian
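As an added illustration (not part of Ian's post), here is what the rules above look like assembled into a minimal pf.conf for the ADSL router/firewall scenario Trevor describes, written for the OpenBSD 3.3 syntax the post refers to (translation rules before filter rules, explicit keep state). The interface names (tun0 for the PPPoE/ADSL link, fxp0 for the LAN), the 192.168.0.0/24 network and the 192.168.0.5 web host are assumptions for the example.

```pf
# Added example, not from the original post: minimal OpenBSD 3.3 pf.conf
# for a home ADSL router. Interface names and addresses are assumptions:
# tun0 is the PPPoE/ADSL link, fxp0 the LAN, 192.168.0.5 a LAN web host.
ext_if  = "tun0"
int_if  = "fxp0"
lan     = "192.168.0.0/24"
web_srv = "192.168.0.5"

# Normalise fragments and odd packets before they reach the filter.
scrub in all

# Translation rules must come before filter rules in pf.conf.
# NAT the LAN behind whatever address the ADSL link currently holds;
# the parentheses make PF re-read tun0's address when it changes.
nat on $ext_if from $lan to any -> ($ext_if)
# Forward inbound HTTP arriving on the ADSL address to the LAN web host.
rdr on $ext_if proto tcp from any to ($ext_if) port www -> $web_srv

# Default deny in both directions, logged to pflog0, so anything not
# explicitly passed below is visible with tcpdump -n -e -ttt -i pflog0.
block in log all
block out log all

# Loopback is trusted; this must precede antispoof, which would otherwise
# block the router's own addresses on lo0.
pass quick on lo0 all

# Drop packets claiming a LAN source address that arrive anywhere else.
antispoof quick for $int_if inet

# From the outside, allow only ssh to the router itself and the
# redirected web port (rdr has already rewritten the destination,
# so the filter rule must name the LAN host, not the ADSL address).
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh flags S/SA keep state
pass in on $ext_if inet proto tcp from any to $web_srv port www flags S/SA keep state

# Let the LAN out through the router, keeping state for the replies.
pass in  on $int_if from $lan to any keep state
pass out on $int_if from any to $lan keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
```

Check the syntax before loading it with `pfctl -nf /etc/pf.conf`, then activate with `pfctl -f /etc/pf.conf`; `pfctl -sr` and `pfctl -ss` show the loaded rules and the state table.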