S t i n g r a y wrote:
Now what i want to know , maybe is O T in this list
but what is the diffrence , i mean pf in openBSD is
refered to as a firewall for home or small offices ?
why is that , i mean what is the criteria of an
enterprise firewall what is the diffrence between pf &
MS ISA / cisco pix or checkpoint ?
performance ? stability or features ?
I find it really irritating when people make statements like that
without citing references.
I'm guessing you are reading this:
http://www.openbsd.org/faq/pf/example1.html
This is an EXAMPLE CONFIGURATION for a home or small office. It is
a starting point to understanding PF. It touches upon a few of PFs
features, and helps people understand a simple configuration.
If I'd given you a ten-thousand line pf.conf file, you probably would
have said, "PF is too complicated for me".
"Enterprise products" usually just means you got money to waste on
inferior crap, like Cisco or MS ISA or Checkpoint. People who have
a job to do other than padding their resume will look at actual
features, not buzzword compliance.
Here are two differences between PF and commercial products...
* One is created by professional networkers. One is written by
amateurs.
Commercial firewall products are written by amateurs. People who
don't actually work in the networking business. They work in labs,
they take feedback from people who actually use the products in real
world environments, but they by definition are not on the front lines.
PF is written and maintained by people on the front lines. For
them, it isn't about waiting to see if enough customers demand a fix,
it's their butts, their business that's on the line. It gets fixed or
improved QUICKLY.
* One has deliberate limits put in place, to make sure you have to pay
more as your needs increase. If you live by selling products, the
last thing you want to do is have a product that just works without
needing additional upgrades and support and replacement when your
needs grow (=you can afford to pay more).
The other has no deliberate limits...costs nothing to evaluate,
costs nothing to have a spare for testing ideas on, can be in your
staff's home's for more practice, etc.
Nick.
