Date: Fri, 23 May 2014 10:24:10 +0200 From: Rainer Duffner <rainer@ultra-secure.de> To: Peter Wemm <peter@wemm.org> Cc: freebsd-stable@freebsd.org Subject: Re: What is your favourite/best firewall on FreeBSD and why? Message-ID: <20140523102410.0f61fe0c@suse3.ewadmin.local> In-Reply-To: <537E7F2F.1050903@wemm.org> References: <20140520070926.GA92183@The.ie> <537CF293.5010508@sentex.net> <537E7F2F.1050903@wemm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Am Thu, 22 May 2014 15:50:23 -0700 schrieb Peter Wemm <peter@wemm.org>: > The main source of pain we have is that the pf in FreeBSD doesn't do > ipv6 fragment processing. We had to work around this because we have > public facing DNS servers behind it and they have to deal with ipv6 > fragments. Hi, can you elaborate on this a bit more (without exposing the security of the FreeBSD.org cluster)? The reason I ask is that we're going to implement a new DNS soon'ish and it will also need to serve IPV6. It's planned to run pf on the nameservers directly. At least until we have a commercial firewall that actually does IPV6 better than pf ;-) Or is there information on the web about this, somewhere? Thanks in advance Rainer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140523102410.0f61fe0c>