Götz Reinicke - IT Koordinator
2009-Dec-22 18:22 UTC
[CentOS] iptables ... *BSD pf ... pfSense
Hi,

I followed the "Optimizing CentOS for gigabit firewall" posting and as some posters wrote pf is soo sooo ssooooo much faster, I was thinking to give it a try. But I'm not familiar with BSD so I was looking for some tools and found "pfsense"

http://www.pfsense.org/

"pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router"

Have any of the firewall guys on the list ever tested this distro?

What do you think?

Right now we run an iptables Shorewall system and had no problems so far, but having a "managed" firewall distro which rocks would be an alternative.

Cheers,

Götz

--
Götz Reinicke
IT Coordinator
Tel. +49 7141 969 420
Fax +49 7141 969 55 420
E-Mail goetz.reinicke at filmakademie.de
Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de
Registered at Amtsgericht Stuttgart, HRB 205016
Chair of the Supervisory Board: Prof. Dr. Claudia Hübner, State Councillor for Demographic Change and for Senior Citizens in the State Ministry
Managing Director: Prof. Thomas Schadt
----- "Götz Reinicke - IT Koordinator" <goetz.reinicke at filmakademie.de> wrote:

> Hi,
>
> I followed the "Optimizing CentOS for gigabit firewall" posting and as
> some posters wrote pf is soo sooo ssooooo much faster, I was thinking
> to give it a try. But I'm not familiar with BSD so I was looking for
> some tools and found "pfsense"
>
> http://www.pfsense.org/
>
> "pfSense is a free, open source customized distribution of FreeBSD
> tailored for use as a firewall and router"
>
> Have any of the firewall guys on the list ever tested this distro?
>
> What do you think?
>
> Right now we run an iptables Shorewall system and had no problems so
> far, but having a "managed" firewall distro which rocks would be an
> alternative.

pfSense is fantastic, amazing, etc. You get the rock solid foundation of FreeBSD along with pf and a nice GUI around it. Features, package addons, performance, and of course price are all very nice. Plus, their support is top notch, both community and paid versions.

I doubt you'll find a better open source firewall distro anywhere.

</soapbox>

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105
On 12/22/2009 07:22 PM, Götz Reinicke - IT Koordinator wrote:

> Hi,
>
> I followed the "Optimizing CentOS for gigabit firewall" posting and as
> some posters wrote pf is soo sooo ssooooo much faster, I was thinking
> to give it a try. But I'm not familiar with BSD so I was looking for some
> tools and found "pfsense"
>
> http://www.pfsense.org/
>
> "pfSense is a free, open source customized distribution of FreeBSD
> tailored for use as a firewall and router"
>
> Have any of the firewall guys on the list ever tested this distro?
>
> What do you think?

pf is not a native FreeBSD thingie... you won't get the latest features, tweaks, and optimizations there.

Timo

> Right now we run an iptables Shorewall system and had no problems so far,
> but having a "managed" firewall distro which rocks would be an alternative.
>
> Cheers,
>
> Götz
On Tue, 22 Dec 2009 19:22:23 +0100 Götz Reinicke - IT Koordinator <goetz.reinicke at filmakademie.de> wrote:

> http://www.pfsense.org/
>
> What do you think?

Running in production since 0.9 or so. 1Gbit of traffic, carp failover, multiple vlans, all kinds of VPN, etc.

I have to think hard to come up with something that I don't like about pfsense ... lack of IPv6 support could be one such minus.

--
Jure Pečar
http://jure.pecar.org