On 9-11-2011 0:06, Jones, Barry wrote:
Hello all.
I am potentially looking at firewall products and wanted suggestions as to
the easiest firewalls to install, configure and maintain? I have a few small
networks ( 50 nodes at one site, 50 odd at another, and maybe 20 at another.
I have
On Wed, 2011-11-09 at 09:13 +0100, Seth Mos wrote:
I am biased because I am a pfSense developer.
pfSense is a free open source FreeBSD based firewall with the pf
packet filter. http://www.pfsense.org
I'm a very happy user of m0n0wall and I know pfSense is often seen as
the more 'grown up'
On 9-11-2011 11:07, Tom Hill wrote:
On Wed, 2011-11-09 at 09:13 +0100, Seth Mos wrote:
I am biased because I am a pfSense developer.
pfSense is a free open source FreeBSD based firewall with the pf
packet filter. http://www.pfsense.org
I'm a very happy user of m0n0wall and I know pfSense
On 09/11/2011 03:14, Randy Bush wrote:
once again,
o when you have no connection to a cache or no covering roa for a
prefix, the result is specified as NotFound
o we recommend you route on NotFound
so the result is the same as today.
Well no, not really because when the cache
On Wed, 2011-11-09 at 12:01 +0100, Seth Mos wrote:
That is correct, it is in the 2.1 branch. Our code has diverged a lot
from m0n0wall where it came from so porting it was not easy. Instead I
wrote the code from scratch.
I wrote the IPv6 code in pfSense 2.1 for the last year and I've been
You will find it very difficult to beat pf on OpenBSD for efficiency,
features, flexibility, robustness, and security. Maintenance is very
easy: edit a configuration file, reload, done.
---rsk
On 11/09/2011 03:22 PM, Richard Kulawiec wrote:
You will find it very difficult to beat pf on OpenBSD for efficiency,
features, flexibility, robustness, and security. Maintenance is very
easy: edit a configuration file, reload, done.
---rsk
An important feature lacking for now as far as I
On 11/09/2011 03:22 PM, Richard Kulawiec wrote:
You will find it very difficult to beat pf on OpenBSD for efficiency,
features, flexibility, robustness, and security. Maintenance is very
easy: edit a configuration file, reload, done.
An important feature lacking for now as far as I know
On Wed, Nov 09, 2011 at 03:32:45PM +0300, Alex Nderitu wrote:
An important feature lacking for now as far as I know is content/web
filtering especially for corporates wishing to block
inappropriate/time wasting content like facebook.
1. That's not a firewall function. That's a censorship
On 09/11/2011 12:22, Richard Kulawiec wrote:
You will find it very difficult to beat pf on OpenBSD for efficiency,
features, flexibility, robustness, and security. Maintenance is very
easy: edit a configuration file, reload, done.
There are several areas where pf falls down. One is
On Wed, Nov 09, 2011 at 03:32:45PM +0300, Alex Nderitu wrote:
An important feature lacking for now as far as I know is content/web
filtering especially for corporates wishing to block
inappropriate/time wasting content like facebook.
1. That's not a firewall function. That's a
I think that firewall/censorship is all semantics. The real question is
the scale of the environment and the culture of your shop and areas of
ownership.
I work in a large enterprise. Combining functions such as L3
firewalling with content filtering with url filtering with XXX can be
OH yeah!
MANAGEMENT: If you have a few FWs and you manage them independently life
is grand. But what if you have 20? 50? 100? and if 30-40 percent of the
policy is the same?
Cisco: NOTHING. Don't let them lie to you.
CheckPoint: Provider 1 and SmartManager.
Juniper: Not sure.
BSD/PFSense:
Hi, I'm at a smaller company that wanted not only firewall capabilities but
application level filtering.
We went with the Palo Alto Networks.
Story is the Palo Alto founder was formerly of Netscreen/Juniper.
Anyhow. We've not had any issues with the PA500's that we use in our
environment. They
On Wed, Nov 9, 2011 at 5:24 AM, Nick Hilliard n...@foobar.org wrote:
On 09/11/2011 12:22, Richard Kulawiec wrote:
You will find it very difficult to beat pf on OpenBSD for efficiency,
features, flexibility, robustness, and security. Maintenance is very
easy: edit a configuration file, reload,
NANOG Community -
There is a Draft Policy for Inter-RIR Transfers presently in extended
Last Call in the ARIN Policy Development Process. The Last Call
will run for one more week, and allows an opportunity for anyone in the
Internet community to provide feedback regarding this
In a message written on Wed, Nov 09, 2011 at 03:33:04PM +, John Curran
wrote:
There is a Draft Policy for Inter-RIR Transfers presently in extended
Last Call in the ARIN Policy Development Process. The Last Call
will run for one more week, and allows an opportunity for
On Wed, Nov 9, 2011 at 10:33 AM, John Curran jcur...@arin.net wrote:
The ARIN Advisory Council (AC) met on 14 October 2011 and decided to
send an amended version of the following draft policy to an extended last
call:
ARIN-2011-1: ARIN Inter-RIR Transfers
Hi folks,
There has been some
Update from http://www.comcast6.net
IPv6 Pilot Market Deployment Begins
Wednesday, November 9, 2011
Comcast has started our first pilot market deployment of IPv6 in limited areas
of California and Colorado. This first phase supports directly connected CPE,
where a single computer is directly
On 2011-11-09 17:32 , Brzozowski, John wrote:
Update from http://www.comcast6.net
IPv6 Pilot Market Deployment Begins
Wednesday, November 9, 2011
Comcast has started our first pilot market deployment of IPv6...
Congrats! One step closer to full deployment!
Greets,
Jeroen
On 11/09/2011 11:40 AM, Jeroen Massar wrote:
On 2011-11-09 17:32 , Brzozowski, John wrote:
Update from http://www.comcast6.net
IPv6 Pilot Market Deployment Begins
Wednesday, November 9, 2011
Comcast has started our first pilot market deployment of IPv6...
Congrats! One step closer to full
On Wed, Nov 9, 2011 at 8:40 AM, Jeroen Massar jer...@unfix.org wrote:
On 2011-11-09 17:32 , Brzozowski, John wrote:
Update from http://www.comcast6.net
IPv6 Pilot Market Deployment Begins
Wednesday, November 9, 2011
Comcast has started our first pilot market deployment of IPv6...
Congrats!
This appears directed at the Home market. Any word on the Business Class
market even as a /128?
-Original Message-
From: Brzozowski, John [mailto:john_brzozow...@cable.comcast.com]
Sent: Wednesday, November 09, 2011 9:33 AM
To: NANOG
Subject: Comcast IPv6 Update
Update from
This is not all we are pursuing, it is part of our incremental enablement
and deployment. We have a non-trivial population of users that are
directly connected versus using a home router. If you notice we also
mention that we will soon be sharing information about customer home
gateway plans.
:)
=
John Jason Brzozowski
Comcast Cable
e) mailto:john_brzozow...@cable.comcast.com
o) 609-377-6594
m) 484-962-0060
w) http://www.comcast6.net
=
On 11/9/11 11:49 AM, Cameron Byrne cb.li...@gmail.com wrote:
On
On 11/9/11 11:54 AM, Blake T. Pfankuch bl...@pfankuch.me wrote:
This appears directed at the Home market. Any word on the Business Class
market even as a /128?
Business Class is coming later. It won't hurt to contact the Business
Class sales number and ask about IPv6 (and tell them to escalate
On 8 November 2011 19:59, joshua.kl...@gmail.com wrote:
If I may ask, is there any OSS that can serve as a log bank or log server,
snip
Do you mean OSS, or do you mean free?
/bugbear
M
An important feature lacking for now as far as I know is content/web
filtering especially for corporates wishing to block inappropriate/time
wasting content like facebook. Addition of this would place it on a par
with the best like Sonicwall and Fortinet.
At a previous employer, we utilized a
Another alternative is RouterOS/MikroTik. Plenty of high end solutions
and low end.
---
Dennis Burgess, Mikrotik Certified Trainer
Link Technologies, Inc -- Mikrotik WISP Support Services
Office: 314-735-0270 Website:
On Wed, 09 Nov 2011 08:00:01 CST, Joe Greco said:
On Wed, Nov 09, 2011 at 03:32:45PM +0300, Alex Nderitu wrote:
An important feature lacking for now as far as I know is content/web
filtering especially for corporates wishing to block
inappropriate/time wasting content like facebook.
We ran into a strange situation yesterday that I am still trying to
figure out. We have many VoIP customers but yesterday suddenly select
few of them couldn't reach the SIP provider's network from our
network.
I could traceroute to the SIP providers server from the affected
clients' IP just
On 09/11/2011 15:18, Jonathan Lassoff wrote:
I've found that this works decently well, via pfsync.
I meant config sync, not state sync.
Nick
I can't say I have a specific answer to your question, but yesterday I was
seeing major packet loss on outbound audio from all my VoIP customers using
Qwest and going in to servers on L3. It's entirely possible that SIP was also
being lost, just the audio was the more notable and pressing
What was the timeframe for your issues? Just curious since we saw some
strangeness last night.
Preston
-Original Message-
From: Sean Harlow [mailto:s...@seanharlow.info]
Sent: Wednesday, November 09, 2011 12:00 PM
To: Jay Nakamura
Cc: NANOG
Subject: Re: Anyone seen this kind of
I meant config sync, not state sync.
I have multiple deployments of the config synchronization working just fine. :)
On Wed, 9 Nov 2011, Nick Hilliard wrote:
On 09/11/2011 15:18, Jonathan Lassoff wrote:
I've found that this works decently well, via pfsync.
I meant config sync, not state sync.
put the main portion of the conf in subversion as an include file and
factor out local differences in the
It started sometime Tuesday morning. I have yet to set the route back
to Qwest. I am going to do that tonight and test it.
On Wed, Nov 9, 2011 at 2:04 PM, Preston Parcell
preston.parc...@viawest.com wrote:
What was the timeframe for your issues? Just curious since we saw some
strangeness
Mark Andrew wrote:
[...]
That said though the PTR-forward-PTR check is a proper check and a
really great way to figure out if the source SMTP host was actually set
up with at least some admin doing it the right way. If they can't be
bothered to set that up, why should you bother to
I saw the problems starting around 09:30 Eastern and continuing past 17:00.
Looking through ticket notes I had missed when writing my previous reply it
seems that a fix was confirmed around 22:30 which involved a faulty piece of
equipment being replaced. I do not have specifics on what went
How about Endian Firewalls ?
--
Eduardo Schoedler
Sent via iPhone
On 09/11/2011, at 16:16, Dennis Burgess dmburg...@linktechs.net wrote:
Another alternative is RouterOS/MikroTik. Plenty of high end solutions
and low end.
---
Yes!
Yesterday, from 9AM-10AM PST, I had a Qwest client transiting Level3 where
traceroutes were working, but sip registrations were not. They were leaving
fine, but not being received on the destination side.
Then at 10AM-2PM PST, same client, registrations and invites were now working,
but
On Wed, 09 Nov 2011 08:00:01 CST, Joe Greco said:
On Wed, Nov 09, 2011 at 03:32:45PM +0300, Alex Nderitu wrote:
An important feature lacking for now as far as I know is content/web
filtering especially for corporates wishing to block
inappropriate/time wasting content like
On Wed, Nov 9, 2011 at 1:47 PM, Jay Nakamura zeusda...@gmail.com wrote:
So my question is, is it possible there is some kind of filter at
Qwest or Level 3 that is dropping traffic only for udp 5060 for select
few IPs? That's the only explanation I can come up with other than
I ran into
On 09/11/2011 19:07, C. Jon Larsen wrote:
put the main portion of the conf in subversion as an include file and
factor out local differences in the configs with macros that are defined in
pf.conf
Easy.
As I said, it's not a pf problem. Commercial firewalls will do all this
sort of thing off
- Original Message -
From: Jeff Wheeler j...@inconcepts.biz
On Wed, Nov 9, 2011 at 1:47 PM, Jay Nakamura zeusda...@gmail.com
wrote:
So my question is, is it possible there is some kind of filter at
Qwest or Level 3 that is dropping traffic only for udp 5060 for select
few IPs?
On Nov 9, 2011, at 2:45 PM, Jeff Wheeler wrote:
On Wed, Nov 9, 2011 at 1:47 PM, Jay Nakamura zeusda...@gmail.com wrote:
So my question is, is it possible there is some kind of filter at
Qwest or Level 3 that is dropping traffic only for udp 5060 for select
few IPs? That's the only
This is excellent news, John and I encourage you and the folks at Comcast
to keep up the good work.
I wait with bated breath for the day I can move my business class connection
to IPv6.
Owen
On Nov 9, 2011, at 8:54 AM, Brzozowski, John wrote:
This is not all we are pursuing, it is part of
In message 41f6c547ea49ec46b4ee1eb2bc2f341849f82d4...@exvpmbx100-1.exc.icann.o
rg, Leo Vegoda writes:
Mark Andrew wrote:
[...]
That said though the PTR-forward-PTR check is a proper check and a
really great way to figure out if the source SMTP host was actually set
up with at least
On Nov 9, 2011, at 11:58 AM, Livingood, Jason wrote:
On 11/9/11 11:54 AM, Blake T. Pfankuch bl...@pfankuch.me wrote:
This appears directed at the Home market. Any word on the Business Class
market even as a /128?
Business Class is coming later. It won't hurt to contact the Business
Larry Blunk wrote the following on 11/3/2011 12:47 PM:
On 11/02/2011 05:57 PM, Matt Chung wrote:
I work for a regional ISP and very recently there has been an influx of
calls reporting slowness when accessing certain websites (i.e
google.com/voice/b) via HTTP. After performing a tcpdump and
Jay Nakamura wrote the following on 11/9/2011 12:47 PM:
We ran into a strange situation yesterday that I am still trying to
figure out. We have many VoIP customers but yesterday suddenly select
few of them couldn't reach the SIP provider's network from our
network.
I could traceroute to the
On 11/09/2011 06:32 AM, Brzozowski, John wrote:
Update from http://www.comcast6.net
IPv6 Pilot Market Deployment Begins
Wednesday, November 9, 2011
Comcast has started our first pilot market deployment of IPv6 in limited areas of California and
Colorado. This first phase supports directly
It may also be related to QoS policy inside the carriers.
Some time ago I've seen exactly the same symptoms with Verizon when sip
signaling
was sent marked as EF. Remarking it down to CS1 or CS3 (don't remember exactly)
solved the problem.
Michael
On Wednesday 09 November 2011 13:47:37 Jay
On 11/9/2011 08:58, Livingood, Jason wrote:
On 11/9/11 11:54 AM, Blake T. Pfankuch bl...@pfankuch.me wrote:
This appears directed at the Home market. Any word on the Business Class
market even as a /128?
Business Class is coming later. It won't hurt to contact the Business
Class sales
I just removed the route to our other provider and traffic is going
out Qwest again. The problem seems to be gone now. As others had
similar problems during the same period using Qwest, it must have been
some strange issue with Qwest.
On Wed, Nov 9, 2011 at 1:47 PM, Jay Nakamura
On 11/9/2011 4:45 PM, Blake Hudson wrote:
I'm not sure how an IP transit provider (who should be providing
routing/switching) screws up transport layer connections - looks like
they are arbitrarily managing client data. Just my $0.02.
With today's routers, all sorts of weird things can go
1) The concept of Inter-RIR transfers is a bad idea. Insuring
compatible rules between RIR's will always be difficult at
best.
no need to coordinate rules/policies at all. what we suggested in a/p
three years back was simple. seller must abide by seller's local
selling policy and
57 matches