Re: pf versus netgear/linksys firewall

From: Bas Keur (viper_at_dmrt.net)
Date: 04/24/04


Date: Sat, 24 Apr 2004 06:51:34 +0200


| What reasons might one have for setting up an OpenBSD box running pf
| instead of buying a cheap router/firewall (like the offerings from netgear
| or linksys)?

| Reasons I'm guessing:

| 1) Fun to tinker with pf
| 2) Finer-grained (say I want to allow ssh, but only from specific hosts ...)

MUCH MUCH finer

You can even block specific OSes & versions :)
block in on $ext_if proto { tcp, udp } from any \
    os { SCO, NMAP, Windows:2000:SP3 }

| 3) If the netgear/linksys option crashes (because it runs out of memory,
| for example).

I flood my Netgear MR314 at least twice a week (At home)

| 4) Speed?

Sure, at some point those little boxes will fry.
You can simply upgrade a server.

| 5) For small-business (where a cisco option is too expensive) (and a VPN
| server is desired)...

I suggest You (#READ ON PEOPLE :) #)
1: Call your local hardware dealer and tell him you need a Symantec
VPN100 or VPN200r. "For testing" (We are talking a lousy -+$300)
Both are Cheap yet Good Switch/Firewall/VPN/Syslog appl.
Take 10 minutes to configure it, put it in place, done.

2: Build your killer OpenBSD Firewall, take your time, test, tweak etc.
Done ? *swap* and voila.

| I realize that the netgear/linksys options are mainly NAT with the
| ability to "punch holes" to redirect particular port traffic to private
| ip's. In what way is a particular pf implementation superior?

Too much to post all, but for starters no cpu/mem limitations,
variables, macros, logging capabilities etc etc.

| Or, is this all personal preference? What am I missing?

When you need to write down some "stuff:" the PDA is great.
When you need to write down some stuff, mail some people, install some
software etcetcetc you will use a laptop.
Take the right tool for the job.

PS: When you hit a Linksys with a baseball bat it explodes in -+ 500 pieces
PS2: The Netgear just breaks in half.

-[ ViPER - viper@dmrt.net
-[ http://www.dmrt.net
-[ http://www.securitydatabase.net
-[ Religion is a major weapon in the war against reality.
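The points made above (ssh only from specific hosts, OS fingerprint blocking, macros, tables and logging in one ruleset) as a small pf.conf. This is an added example, not the poster's own ruleset: the interface names, the address range, the admin host addresses and the fingerprint names are assumptions, and it is written in the OpenBSD 4.7-and-later syntax (match ... nat-to) rather than the 2004-era "nat on" rule.

```pf
# Added example pf.conf (not from the original post). Interfaces and
# addresses below are constructed for illustration.
ext_if  = "em0"                # external interface (assumed)
int_if  = "em1"                # internal interface (assumed)
lan_net = "192.168.1.0/24"     # constructed private range

# Hosts allowed to reach ssh on the firewall itself (constructed addresses).
# A table can be edited at runtime with pfctl -t ssh_admins -T add/delete.
table <ssh_admins> { 192.168.1.10, 192.168.1.11 }

set skip on lo

# Default deny on the outside, logged to pflog0 so blocked attempts are visible.
block in log on $ext_if all

# Passive OS fingerprinting only works on TCP SYN packets, so the os keyword
# is paired with proto tcp here. Fingerprint names must match pfctl -s osfp.
block in log quick on $ext_if proto tcp from any os { "SCO", "NMAP" }

# ssh to the firewall only from the admin table; stateful, SYN-only match.
pass in on $ext_if proto tcp from <ssh_admins> to ($ext_if) port 22 \
    flags S/SA keep state

# Let the LAN out, translating to the external address (OpenBSD 4.7+ syntax).
pass in on $int_if from $lan_net to any keep state
match out on $ext_if from $lan_net to any nat-to ($ext_if)
pass out on $ext_if keep state
```

Check the file without loading it with `pfctl -nf /etc/pf.conf`; `pfctl -s osfp` lists the fingerprint names the os keyword accepts on that release, and `tcpdump -n -e -ttt -i pflog0` shows what the two `log` rules dropped. The "finer-grained" claim is the combination of the table (membership changed at runtime), the `($ext_if)` address in parentheses (follows DHCP changes) and per-rule logging, none of which a consumer NAT box exposes.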