[CentOS] Iptables front-end

Wed Nov 29 21:02:11 UTC 2006
Kevan Benson <kbenson at a-1networks.com>

On Wednesday 29 November 2006 09:09, Aleksandar Milivojevic wrote:
> I'm sure folks on the list will have many many more suggestions.

I guess this is where the obligatory BSD post comes in.

I personally think an enterprise distribution such as CentOS is a bit heavy 
for a firewall device (if indeed that's its main purpose), and now use 
OpenBSD.  I wouldn't necessarily recommend it as a server OS (and neither do 
some of the developers), but as a network device it really shines.

The pf firewall is easy and intuitive, and with utilities like pftop (to show 
stateful sessions realtime), load balancing capabilities, and pfsync to 
handle seamless firewall failover, it really lives up to the hype.  sasync 
for stateful/seamless failover of IPsec VPN connections is a nice touch too.

It may not be the right fit for everyone (especially those that have very 
strict policies as to usable hardware/software), but the small footprint 
and fact that everything I've mentioned so far is part of the OpenBSD OS 
proper and not a third party package lends a bit of integration often missing in 
the Linux world.

OK, that's enough OpenBSD talk.  I really am a CentOS fan at heart, I promise.

-- 
- Kevan Benson
- A-1 Networks