[Cialug] New Firewall

[Tom Pohl]

I'm guessing that the packages are slow to incorporate the newer  
modules.

This is a corporate firewall that I'm setting up, so using  
underpowered hardware isn't really an option for me.  I really need  
the speed that this hardware provides.  I thought about trying to go  
a CF based route but I need the ability to log data (potentially LOTS  
of data) persistently.  I do have the drives in a RAID 1 config so it  
won't be a big deal to replace a hard drive when one dies and still  
have my logs.

Broadcom provides linux modules for their chips, but I didn't see  
anything for xBSD thus making the linux based products more  
attractive, but not if they can't support my raid card :)

-Tom


On Jan 5, 2007, at 3:04 PM, Nathan C. Smith wrote:

> I was thinking the same thing about moving parts.  http:// 
> www.pfsense.org
> Although you probably have the drives in a RAID 1 config.
>
> I set up pfSense on a Soekris (http://www.soekris.com) board last  
> week and I
> am really amazed by it.  In many senses better than commercial  
> firewalls
> (sonicwall) I have used.
>
> Tom, are the firewall packages just lacking new enough drivers for the
> network cards, or are drivers for the cards still buggy?
>
> -Nate
>
>
> McKee, Voorhees & Sease
> 801 Grand Avenue, Suite 3200
> Des Moines, Iowa 50309
> phone: 515-288-3667
> fax: 515-288-1338
> e-mail: @ipmvs.com
> url:  www.ipmvs.com
> -----Original Message-----
> From: Daniel A. Ramaley [mailto:daniel.ramaley at DRAKE.EDU]
> Sent: Friday, January 05, 2007 2:53 PM
> To: Central Iowa Linux Users Group
> Subject: Re: [Cialug] New Firewall
>
> On Friday 05 January 2007 14:24, Tom Pohl wrote:
>> Does anyone know of a set of tools that will give me what I'm looking
>> for that will install on top of a standard distribution instead of a
>> stand alone distribution with a purdy web interface?
>
> I wouldn't install a firewall using anything other than OpenBSD. I'd
> probably also remove the unnecessary moving parts (read: hard  
> drives) and
> replace them with a 1 GB IDE flash drive. Actually i'm going to be  
> replacing
> my home firewall soon with a low-power machine running OpenBSD off  
> of flash.
> Based on recent other experiences installing OpenBSD, a full  
> installation
> will leave most of the 1 GB free. And it is possible to configure the
> filesystem to be read-only so you don't have to worry about power  
> outages,
> at least not beyond the usual spikes and such that a high-quality  
> surge
> protector can filter out.
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>