Date:      Tue, 5 Aug 2008 11:19:10 +0200
From:      "Adrian Penisoara" <ady@freebsd.ady.ro>
To:        "Matthias Apitz" <matthias.apitz@oclc.org>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Q: case studies about scalable, enterprise-class firewall w/ IPFilter
Message-ID:  <78cb3d3f0808050219k94105adxd114012634989b31@mail.gmail.com>
In-Reply-To: <20080805080520.GB3063@rebelion.Sisis.de>
References:  <20080805080520.GB3063@rebelion.Sisis.de>

Hi,

On Tue, Aug 5, 2008 at 10:05 AM, Matthias Apitz <guru@unixarea.de> wrote:
>
> Hello,
>
> I've posted the attached mail in the IP Filter mailing list; the only
> responses have been badly configured vacation replies :-(
>
> someone from freebsd-hackers has an idea? thanks in advance
>
>        matthias
>
> ----- Forwarded message from Matthias Apitz <guru@UnixArea.de> -----
>
> From: Matthias Apitz <guru@UnixArea.de>
> Date: Sun, 3 Aug 2008 08:24:15 +0200
> To: IP Filter <ipfilter@coombs.anu.edu.au>
> Subject: Q: case studies about scalable, enterprise-class firewall w/ IPFilter
>
>
> Hello,
>
> We're currently protecting our network (and as well some FreeBSD laptops
> standalone) with IPFilter... I'm wondering if there are any case studies
> about scalable, enterprise-class firewall solutions, redundancy with
> stateful failover, and application-level inspection, and all that
> alike, based on IPFilter and FreeBSD;

 Hmm, none that I know of, but I would be interested to (get) involved
in such a project (on behalf of the emerging EnterpriseBSD project
and/or business consulting).

 I have been working with IPFilter in the past, even built a pretty
complex setup for the university where I've been studying (might be
still running) with stateful tables (kept across reboots) and the
associated scaling problems. Besides sporadic issues (with lost
sessions due to overflowing the session tables until I fine-tuned the
IPF state timeouts) it was quite a success.

 Nowadays I believe the trend is to use pf(4) instead of ipf(4) as it
offers quite the same functionality under a presumably better license
(although I sometimes miss the hierarchical structuring available
through group/head in IPFilter).

 Let me know if I can be of help.

Regards,
Adrian Penisoara
EnterpriseBSD project / ROFUG
Ady (@enterprisebsd.info, @bsdconsultants.com)


