I know this is off topic, but for anyone who doesn't know some of these firewall solutions, this is a good opportunity to try them out.

---------- Forwarded message ----------
From: Alex Moura <[EMAIL PROTECTED]>
Date: 24/05/2006 20:17
Subject: BSD firewalling, pfSense and m0n0wall: Chris Buechler and Scott Ullrich
To: Fabricio Lima <[EMAIL PROTECTED]>, William Armstrong <[EMAIL PROTECTED]>

Straight from Dru Lavigne's blog, her notes and the slides from the talk on pfSense, by its authors:

http://pfsense.org/bsdcan/BSDCan2006.pdf
http://blogs.ittoolbox.com/unix/bsd/archives/bsdcan-day-2-9278?sp=CM

BSD firewalling, pfSense and m0n0wall: Chris Buechler and Scott Ullrich

This was the conference talk that made me wish I had time to go home and play with pfSense. It's definitely towards the top of my list of things to try and a potential future article. The slides from the talk are available here.

Chris and Scott are two of the committers for this project which is a fork of the m0n0wall project. They began by discussing the various BSD firewalling options (ipfw, ipf, pf) and the features found in each. They then described the features found in m0n0wall which is a user-friendly, feature-rich gui front end to FreeBSD 4.11 running IPFW and dummynet. m0n0wall was founded by Manuel Kasper and is a good choice for embedded systems (e.g. you want a project for your Soekris). pfsense is based on FreeBSD 6.1 and pf and was designed for PC architecture. See their FAQ: Why the fork?

Here are the rest of my notes:

- they hesitated setting up a web forum but it's the best thing they could have done (it is better than mailing lists in quality of posters)
- male to female ratio of posters 65:1
- pfSense supports RADIUS, upgrades via webGUI, CARP, PFSync, XML configuration sync between master and backup hosts for a single point of administration for a firewall cluster, PPPoE server, themes, setup wizard, OpenVPN
- provides integrated install of packages: doorman, ntop, squid, spamd, pfflowd, assp, arpwatch, freeradius, ifdepd, sipproxd, stunnel, widentd, iperf, nmap
- recommend minimum 128 MB RAM
- developers edition: can build all versions of pfSense with one command
- embedded version: designed for 64 MB compact flash and 128 MB RAM; read-only environment and only mounts the flash device r/w as required (to save configurations); currently no package support (it's possible but not officially supported)
- CDROM version: stores config on removable media (flash, floppy); if install on disk, need 50 MB of disk space and provides package support
- CARP provides underlying failover and ease of administration via virtual IPs
- pfSense allows you to convert inexpensive hardware into firewall clusters
- wireless: supports Atheros, HostAP support, WPA supplicant (client) support, turbo modes, OLSR for wireless meshing support
- can safely install on top of an existing FreeBSD system
- pkg_add comes with pfSense so can add own packageset
- they had a chance to fix some bugs during BSDCan (advantage of devs meeting together face to face)
- a Chicago based fortune 500 firm is using it with average of 450,000 entries in state table and hospital in Brazil is using 70% of OC3 pipe; it is still beta software so companies aren't yet willing to advertise their usage of it
- Upcoming features in version 1: ability to set separate username/passwords per firewall and push changes to desired firewalls
- 1.0 will have a vmimage; the current ISO detects vmware and changes some sysctl MIBs to optimize firewall within guest
- Scott showed screenshots of upcoming features; pfsense has builtin rrd graphing
- Scott then demonstrated CoreGUIBuilder which allows you to drag and drop to create custom screens and automatically generates required XML code for you (this sounds a lot like the tool IBM was demonstrating at PHPQuebec)
- dynamic ajax log viewer so can view logs live in a GUI

Scott mentioned that he used Wink to create animated portion of presentation. I've been looking for an Open Source solution but it looks like there is only a Linux version. Has anyone else used this program? If so, what are your thoughts on its usability?

-- 
-=-=-=-=-=-=-=-=-=-
William David Armstrong              <----.  Of course it runs
Bio Systems Security Networking      <----|==========================
Hinodeinfo Soluções em Informática   <----'  NetBSD, OpenBSD or FreeBSD
ICQ 27550645
MSN / GT biosystems gmail . com