[CentOS] IPtables Possibility

Sat Feb 9 06:21:35 UTC 2008
nate <centos at linuxpowered.net>

Jun Salen wrote:
> Hi,
> I just wonder if I can replace a PIX firewall with a machine running iptables as
> my firewall. I want to control our firewall, but
> due to my lack of knowledge in configuring PIX, I want to replace it with
> Linux or BSD. I do not have the time now to
> learn the complexity of PIX, and yet I want to know what is happening in my
> firewall and control it as much as possible.
> Do you think it is justifiable for me to replace it? Can you please provide
> me your input? Thank you very much.

Personally I'd go with OpenBSD with pf. It's really easy to use,
much more powerful than iptables, and, well, just better.
I've been running OpenBSD firewalls for a few years now; before
that my favorite was FreeBSD with ipfw (before bridging was common
in Linux). All of my BSD firewalls are bridging firewalls.

The most annoying thing about OpenBSD is the partitioning setup
during installation. I can't believe they haven't changed it in
as long as I've been using it (about 7 years now). Despite having
used Linux/Unix systems for about 13 years, I still get confused
when I get to that screen in the installation (I don't install
it very often). I've installed HP-UX, AIX, Tru64, Solaris, tons
of Linux distros, FreeBSD, and OpenBSD, and probably a couple of
others I've forgotten, and still that fdisk-type tool that
OpenBSD uses is so confusing.

OpenBSD PF user guide here: http://www.openbsd.org/faq/pf/index.html