[EMAIL PROTECTED] wrote:
> On the part of our network that I'm doing this for we might see
> maximum 20Mbit/s unencrypted traffic.
> Is anyone using an OpenBSD/pf solution in a production environment
> like this? What hardware are you using? How's it holding up? :-)

Several sites at different colos: OpenBSD fw using older Rackable P4,
bursts over 20M during peaks (em dual Gigabit NIC), no downtime so far.
pf with small ruleset but 20,000+ list of blocked IP addresses, plus 1,000s of
ssh brute force attackers, spammers and blocking bogons from
http://www.cymru.com/Bogons/ .
Upgraded from Sun X1 that had run for 900+ days but wanted to standardize
hardware. Cold spares.
Running OpenVPN on a separate machine rather than running VPN on the fw.
Load is low and life is good but would be better if the traffic was more like
80 Mbps.
BTW, I have machines at a colo where a website named "someguysnamelist.org"
has servers, and they (used to, at least) use OpenBSD firewalls, too.
It would be nice if major sites that used OpenBSD/pf would report that info
and contribute to the projects. It would help when one needs to make the case
for OpenBSD to clueless management types.
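
A sketch of a pf.conf shaped like the setup this reply describes (small ruleset, large block tables, SSH brute-force blocking, bogon filtering). It is an added example, not the poster's ruleset; the interface name, file paths and rate thresholds are assumptions.

```pf
# Constructed example: em0, the file paths and the thresholds are assumptions.
ext_if = "em0"

# Tables are kept in a radix tree, so a lookup against 20,000+ addresses
# costs about the same as against a handful. Keep bulk lists in tables,
# not in expanded { } rule lists.
table <bogons>     persist file "/etc/pf/bogons.txt"     # assumed to be fetched from the Cymru bogon list
table <blocklist>  persist file "/etc/pf/blocklist.txt"  # spammers and other static blocks
table <bruteforce> persist                               # filled at runtime by the overload rule below

set skip on lo

# Default deny, then drop listed sources early with "quick" so the
# rest of the ruleset is never evaluated for them.
block log all
block in quick on $ext_if from <bogons>
block in quick on $ext_if from <blocklist>
block in quick on $ext_if from <bruteforce>

pass out on $ext_if

# SSH: a source that opens more than 5 connections in 30 seconds, or holds
# more than 10 at once, is added to <bruteforce> and its existing states
# are flushed.
pass in on $ext_if proto tcp to port ssh \
    keep state (max-src-conn 10, max-src-conn-rate 5/30, \
    overload <bruteforce> flush global)

# Maintenance, run from cron or by hand:
#   pfctl -t bogons -T replace -f /etc/pf/bogons.txt   # reload after fetching a new list
#   pfctl -t bruteforce -T show                        # inspect current offenders
#   pfctl -t bruteforce -T expire 86400                # drop entries older than 24 hours
```

Bogon lists include RFC 1918 space, so the bogon rule is bound to the external interface only; refresh the file regularly, since stale bogon lists end up blocking address space that has since been allocated.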