[Gllug] Firewall distro

Bruce Richardson itsbruce at uklinux.net
Sat Feb 5 19:56:50 UTC 2005


On Fri, Feb 04, 2005 at 06:10:19PM +0000, Tethys wrote:
> Quite simply, the only solution I can recommend is OpenBSD. Other solutions,
> such as a Linux distribution with iptables will work and be perfectly valid,
> but OpenBSD is the way to go. It's easier to configure, more secure, and
> more expressive.

Agreed.  It took me a while to understand how best to translate the
tree structure of iptables rules into pf's linked list structure but
it's worth it.  Macros, address lists, address tables...

In contrast, the more I've used iptables the more I've grown to dislike
it.  The three-table separation is horrible and the rule chain mechanism
is much less flexible than it first seems.  I think it's a mess.

-- 
Bruce

Bitterly it mathinketh me, that I spent mine wholle lyf in the lists
against the ignorant.  -- Roger Bacon, "Doctor Mirabilis"
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

