[IOML] RE: IOM Digest, Vol 16, Issue 5
Simon Slaytor
sslaytor at iom.com
Sun Jun 13 20:35:39 BST 2004
My Thoughts exactly, carp is very useful and have a number of resilient
Firewalls using it all hosted on OpenBSD.
Where OpenBSD falls down is support for hardware other than x86, yes =
it's
there but it's neither as expansive as NetBSD or as straightforward as
Linux.
There's an updated port of PF for FreeBSD (From OpenBSD 3.5 I believe) =
which
I've had working. My preferred Firewall / IPsec endpoint etc. etc. would =
use
FreeBSD but at present CARP doesn=92t want to work, leaving a big hole =
in
resiliency that can be offered using this OS.
Just goes to show no one *ix can cover all the bases.
-----Original Message-----
From: iom-bounces at mailman.lug.org.uk =
[mailto:iom-bounces at mailman.lug.org.uk]
On Behalf Of iom-request at mailman.lug.org.uk
Sent: 13 June 2004 12:15
To: iom at mailman.lug.org.uk
Subject: IOM Digest, Vol 16, Issue 5
Send IOM mailing list submissions to
iom at mailman.lug.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
http://mailman.lug.org.uk/mailman/listinfo/iom
or, via email, send a message with subject or body 'help' to
iom-request at mailman.lug.org.uk
You can reach the person managing the list at
iom-owner at mailman.lug.org.uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of IOM digest..."
Today's Topics:
1. Re: Re: IOM Digest, Vol 16, Issue 3 (Dylan Smith)
----------------------------------------------------------------------
Message: 1
Date: Sat, 12 Jun 2004 11:44:34 +0000 (UTC)
From: Dylan Smith <dyls at alioth.net>
Subject: Re: [IOML] Re: IOM Digest, Vol 16, Issue 3
To: IOM LUG <iom at mailman.lug.org.uk>
Message-ID: <Pine.LNX.4.58.0406121138590.28253 at vexed3.alioth.net>
Content-Type: TEXT/PLAIN; charset=3DUS-ASCII
On Sat, 12 Jun 2004, Simon Slaytor wrote:
> Now all I need is for the guys who develop iptables/netfilter to
> support 'true' stateful' inspection and I'd be as happy as a pig in
> muck, either that or someone write a driver for the connexant card so
> that I can run it under NetBSD, that way I could use PF and feel =
really
> secure.
Probably heresy to mention this on the LUG ML, but there is a *BSD =
driver
(userspace, I think) for the Alcatel stingray USB modem. It's the same
driver essentially as what is used to run the modem under Linux (I use =
the
userspace one as it means one less thing to remember after kernel
compiles).
Personally, I use OpenBSD for my low-cost firewalling - with OpenBSD
you've now got CARP and pfsync which means you can have failover
capabilities by using more than one OpenBSD system. It also supports
pfauth, so you can have different rules for different users (as well as
having authentication in the first place). Probably overkill for most =
home
setups though, where iptables is usually good enough.
--=20
Dylan Smith, Port St Mary, Isle of Man | Code fast, crash young and
Flying: http://www.dylansmith.net | leave a beautiful core.
FFE/Elite Universe: http://www.alioth.net | -- JK (#afe)
------------------------------
_______________________________________________
IOM mailing list
IOM at mailman.lug.org.uk
http://mailman.lug.org.uk/mailman/listinfo/iom
End of IOM Digest, Vol 16, Issue 5
**********************************
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.701 / Virus Database: 458 - Release Date: 07/06/2004
=20
---
Outgoing mail is certified Virus Free : Scanned by AVG AntiVirus
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.701 / Virus Database: 458 - Release Date: 07/06/2004
=20
More information about the IOM
mailing list