[123599] in North American Network Operators' Group

Re: Need advise for a linux firewall

daemon@ATHENA.MIT.EDU (Jim Miller)
Thu Mar 11 14:46:01 2010

In-Reply-To: <4B9943CA.7070405@optonline.net>
Date: Fri, 12 Mar 2010 00:15:32 +0430
From: Jim Miller <stljim@gmail.com>
To: Abdul Nazeer <voipuser@optonline.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Thu, Mar 11, 2010 at 11:56 PM, Abdul Nazeer <voipuser@optonline.net> wrote:

> On 03/11/2010 11:22 AM, gordon b slater wrote:
> > On Thu, 2010-03-11 at 11:00 -0500, Abdul Nazeer wrote:
> >
> >
> >> iptables, but if anyone has any other suggestion, I'd love to hear it.
> >>
> > PFsense (being FreeBSD-based, comes under your "other" category).
> > It uses the OpenBSD-based pf firewall, with a web-based GUI for almost
> > everything (except maybe console resets). Works for me in several
> > locations, some `heavy and high`.
> >
> Looks interesting. Will give it a shot, thanks!
>
For a very long time I used the following setup with great success:
1. Debian-based Linux for the firewall box. With Debian you can do a very
light setup.
2. FWBuilder for the GUI front end. It's been around for quite a
long time now and has built-in RCS for revision control.
3. Quagga for OSPF routing. We only had about 4-5 firewalls but made a
lot of internal routing changes, and OSPF _really_ made things easy when we
made changes.
4. OpenVPN for after-hours access and off-site staff access.

Anyway, just my $0.02

--Jim