>
> Hello,
>
> I've posted the attached mail in the IP Filter mailing list; the only
> responses have been badly configured vacation replies :-(
>
> Does someone from freebsd-hackers have an idea? Thanks in advance
>
>       matthias
>
> ----- Forwarded message from Matthias Apitz <[EMAIL PROTECTED]> -----
>
> From: Matthias Apitz <[EMAIL PROTECTED]>
> Date: Sun, 3 Aug 2008 08:24:15 +0200
> To: IP Filter <[EMAIL PROTECTED]>
> Subject: Q: case studies about scalable, enterprise-class firewall w/ IPFilter
>
>
> Hello,
>
> We're currently protecting our network (and as well some FreeBSD laptops
> standalone) with IPFilter... I'm wondering if there are any case studies
> about scalable, enterprise-class firewall solutions, redundancy with
> stateful failover, and application-level inspection, and all that
> alike, based on IPFilter and FreeBSD;
>
> thanks in advance for any pointers
>
>       matthias
> --

Hi there, I have never used ipfilter, but I do use pf, and it can do
stateful failover, or firewall redundancy, with CARP (the Common
Address Redundancy Protocol) and pfsync. If there is an equivalent
syncing program, e.g. ipfiltersync, then you could use that with CARP
to allow an ipfilter firewall to fail over with full state tables
intact.

Also, you can inspect all manner of status info and tables for a
running firewall with pfctl; there must be an equivalent for
ipfilter.

If you are looking for general info about building a firewall, e.g.
TCP and IP headers, plus ICMP and VoIP and other protocols, then I
would recommend the following tutorial; it has a huge amount of
information - it is a lot more than just a tutorial on iptables.

http://iptables-tutorial.frozentux.net/iptables-tutorial.html

Lastly, the "OpenBSD PF Packet Filter Book" has been very useful for
me, but I use pf where possible - I think it is the easiest, and
paradoxically the most powerful of all packet filters, but that is
my personal opinion, YMMV.

Cheers, Tim.

_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers