FYI, I've successfully substituted Linux-iptables with PFsense on Soekris 
net4801 using 5 eth ports and everything has been running fine for more than 
30 days.

About the rule translation nightmare: aliases and rule optimization permitted 
me to convert the 1000 lines into about 50 rules. Great!
I think it would be a great enhancement to be able to define "aliases of 
aliases" to further reduce the ruleset management complexity.

Thanks again to everybody involved in PFsense development and support!

Odette

At 16:20 on Tuesday 6 June 2006, Odette wrote:
> Hi all,
>
>   I need to substitute our production firewall, and I'd like to use PFsense
> which I've already successfully used for home or small office environments.
>
> The solution I'm going to substitute is based on Linux-iptables which
> requires more than 1000 rules. I need more than 25 static routes, and 5
> VPNs.
>
> Furthermore, in the near future we are migrating 2 of 3 network branches to
> Gbit.
>
> I'd like to try with PFsense, but my boss (I'm sure) will kill me in the
> event I spend half a week in setting up the new PFsense and writing down
> all the rules to see that PFsense is not the right solution.
>
> Is there a rules number limit or a session number limit implemented in
> PFsense?
>
> Does somebody have some expertise in similar situations?
>
> Anybody able to supply info or suggestions?
>
> Thanks in advance
>
>    Odette
