[CentOS] Iptables front-end
kbenson at a-1networks.com
Wed Nov 29 21:02:11 UTC 2006
On Wednesday 29 November 2006 09:09, Aleksandar Milivojevic wrote:
> I'm sure folks on the list will have many many more suggestions.
I guess this is where the obligatory BSD post comes in.
I personally think an enterprise distribution such as CentOS is a bit heavy
for a firewall device (if indeed that's its main purpose), and now use
OpenBSD. I wouldn't necessarily recommend it as a server OS (and neither do
some of the developers), but as a network device it really shines.
The pf firewall is easy and intuitive, and with utilities like pftop (to show
stateful sessions realtime), load balancing capabilities, and pfsync to
handle seamless firewall failover, it really lives up to the hype. sasync
for stateful/seamless failover of ipsec VPN connections is a nice touch too.
It may not be the right fit for everyone (especially those that have very
strict policies as to what usable hardware/software), but the small footprint
and fact that everything I've mentioned so far is part of the OpenBSD OS
proper and not a third party package lends a bit of integration often missing in
the Linux world.
OK, that's enough OpenBSD talk. I really am a CentOS fan at heart, I promise.
- Kevan Benson
- A-1 Networks