Re: snort and PF
Siju,

This question is more suited to the snort-users list (search the archives). In any case, snort 2.1 is a good enough (actually the best) book to use with 2.4. You might also want to read the docs at snort.org.

_Raju

On 8/25/05, Siju George [EMAIL PROTECTED] wrote:

Hi,

I've been using PF on OpenBSD for quite some time now and I want to use http://www.thinknerd.org/~ssc/wiki/doku.php?id=snort2pf or snort2c.

Actually the link to the snort2c program homepage on Undeadly http://www.undeadly.org/cgi?action=article&sid=20050505234022&mode=expanded is not available now.

Could someone please tell me where I can find Snort2C? Also, can someone who uses it please give some feedback on it?

The present version of snort is 2.4 but the book available on Amazon is for 2.1: http://www.amazon.com/exec/obidos/tg/detail/-/1931836043/qid=1124943725/sr=8-1/ref=pd_bbs_1/104-1266763-4190332?v=glance&s=books&n=507846

Is Snort 2.4 very different from snort 2.1? Or is that book good enough?

Thank you so much

kind regards

Siju

-- May the packets be with you.
Re: AIM connection issues
No pf.conf == No Answer. Sanitize and post your pf.conf.

_Raju

On Fri, 25 Mar 2005 13:03:38 -0500, florian mosleh [EMAIL PROTECTED] wrote:

Hello,

I have a new firewall in development for the college I work at. I have tried extensively googling this issue in various ways and have not managed to find anything that seems pertinent.

Essentially, the problem I'm having is that a client that connects to the internet through the new firewall (pf on openbsd 3.6) has problems establishing a connection to AIM (login.oscar.aol.com). I have performed several ethereal packet sniffing sessions and can confirm that there is a successful connection established between the server and the client and then it just drops. Usually after about an hour or two of stubborn retrying and waiting it eventually works.

Are there any possible pf configuration snafus that could be at fault? The only other factor that I see as possibly contributing to the problem (I'm not sure how) is that the internet connection is a set of 4 bonded t1s, but I've been given the impression that this shouldn't make a difference.

Thanks.

--
Florian Mosleh
Network Admin. Support Manager
Capitol College
301.369.2800 ext.2040
800.950.1992 ext.2040

This message was sent using IMP, the Internet Messaging Program.

-- May the packets be with you.
Re: Good HFSC explanation
No explanations, but this worked for me on google to get configs [HFSC pf filetype:conf]

_Raju

On Fri, 11 Feb 2005 15:39:17 +, Bob [EMAIL PROTECTED] wrote:

Is there a clear HFSC explanation somewhere, with real simple examples? Preferably that apply directly to PF which uses three SC types, not two.

I've found plenty of documents, but they're all high-level overview slideshows that are a bit hard to fathom.

--
Bob

-- May the packets be with you.
Re: Linux port of pf
GPL is for those fake-pretend-free types and you really can't get more freer than the BSD license. In either case, PF/OpenBSD in my opinion cannot be beat in all aspects. You should consider giving it a try.

_Raju

On Wed, 20 Oct 2004 00:06:43 +0200, Ed White [EMAIL PROTECTED] wrote:

On Tuesday 19 October 2004 22:08, Ed wrote:

Has anyone ported pf for use on linux kernels? I like the firewall so much I want to use it on the debian systems.

..and maybe releasing it under GPL...

-- May the packets be with you.
OpenBSD PF in the Enterprise?
I have been having trouble convincing some suits aka Management for a 1500+ employee company to migrate from Checkpoint to PF. Taking into fact that the company is in the process of debt-restructuring aka chapter 11, cost-cutting is vital for all IT needs. Hence, I am putting in a case to switch to PF.

Anyone running OpenBSD PF as the primary firewall for large mid-large organizations? If so what type of hardware, setup, etc. Just curious..

Thanks,

_Raju

-- May the packets be with you.
Re: OpenBSD PF in the Enterprise?
Thanks to everyone for your replies. I am setting up a demo with two boxes Pentium4 2.8GHZ with 1GB of RAM as a PF (CARP/Pfsync) cluster (I run soekris at home). Hopefully able to write a case study on migration. I think we need more documents in case study format from a business perspective to help PF.

Cheers

_Raju

On Mon, 20 Sep 2004 12:44:13 -0400, Clinton Sigmon [EMAIL PROTECTED] wrote:

I built an openbsd pf fw for the IT group in my company

hardware - p3 667or700mhz, 256MB

M Raju wrote:
| I have been having trouble convincing some suits aka Management for a
| 1500+ employee company to migrate from Checkpoint to PF. Taking into
| fact that the company is in the process of debt-restructuring aka
| chapter 11, cost-cutting is vital for all IT needs. Hence, I am
| putting in a case to switch to PF.
|
| Anyone running OpenBSD PF as the primary firewall for large mid-large
| organizations? If so what type of hardware, setup, etc. Just
| curious..
|
| Thanks,
|
| _Raju

--
clint
Cryptek, Inc.

-- May the packets be with you.
Re: OpenBSD PF in the Enterprise?
Personally, I'm happy with the developers focusing on code.

Absolutely.

On Mon, 20 Sep 2004 14:27:36 -0400 (EDT), [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Thanks to everyone for your replies. I am setting up a demo with two boxes Pentium4 2.8GHZ with 1GB of RAM as a PF (CARP/Pfsync) cluster (I run soekris at home). Hopefully able to write a case study on migration. I think we need more documents in case study format from a business perspective to help PF.

We'll all be happy to read your final document. Personally, I'm happy with the developers focusing on code.

--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net

-- May the packets be with you.
Re: OpenBSD PF in the Enterprise?
Vadim,

Thanks. I once used FWbuilder to train some of the CLI challenged Cisco PIX admins who do level-1 support. I need to look at it again and see what has improved for CP. I will be in touch.

_Raju

On Mon, 20 Sep 2004 11:26:12 -0700, Vadim Kurland /r/ [EMAIL PROTECTED] wrote:

Raju,

you could try Firewall Builder ( http://www.fwbuilder.org ). Transition from checkpoint may be easier since its interface looks similar and there is also a conversion script, cp2fwbuilder. The script is old and produces an XML file in an outdated format, but I can help you convert it. Using the script is still faster than recreating everything manually.

--vk

- Firewall Builder: http://www.fwbuilder.org/

On Sep 20, 2004, at 10:45 AM, M Raju wrote:

Thanks to everyone for your replies. I am setting up a demo with two boxes Pentium4 2.8GHZ with 1GB of RAM as a PF (CARP/Pfsync) cluster (I run soekris at home). Hopefully able to write a case study on migration. I think we need more documents in case study format from a business perspective to help PF.

Cheers

_Raju

On Mon, 20 Sep 2004 12:44:13 -0400, Clinton Sigmon [EMAIL PROTECTED] wrote:

I built an openbsd pf fw for the IT group in my company

hardware - p3 667or700mhz, 256MB

M Raju wrote:
| I have been having trouble convincing some suits aka Management for a
| 1500+ employee company to migrate from Checkpoint to PF. Taking into
| fact that the company is in the process of debt-restructuring aka
| chapter 11, cost-cutting is vital for all IT needs. Hence, I am
| putting in a case to switch to PF.
|
| Anyone running OpenBSD PF as the primary firewall for large mid-large
| organizations? If so what type of hardware, setup, etc. Just
| curious..
|
| Thanks,
|
| _Raju

--
clint
Cryptek, Inc.

-- May the packets be with you.
Re: OpenBSD PF in the Enterprise?
Have not had an opportunity to test, but I am curious if the site-to-site CP VPN will work with OpenBSD's IPSec implementation. Unless CP really screwed up the RFC, I would think it would not be a problem. Cisco PIX IPSec (both gateway/road warrior) configurations seem to work with 3.5 so far.

_Raju

On Mon, 20 Sep 2004 16:05:10 -0400 (EDT), Rick Aliwalas [EMAIL PROTECTED] wrote:

On Mon, 20 Sep 2004, M Raju wrote:

I have always stressed to Clients the ease of configuration, management, of course the security of OpenBSD, combined with the power PF beats PIX and CP out the water. Although some hardcore commercial junkies are simply in self-denial or maybe job security?:-) The commercial firewalls come and go but the BSD firewalls will still be around.

Funny because the Nokia appliances we have running Checkpoint use BSD as their underlying o/s.

I was in a position to possibly replace some Checkpoints w/ pf. I did discover that they had set up some VPN between us and remote vendor's Checkpoints. I'm not sure how trivial it would be to connect an OpenBSD VPN to Checkpoint. They might be doing something proprietary that would force Checkpoint on both sides. Something to consider...

Good luck!

-rick

_Raju

On Mon, 20 Sep 2004 14:29:05 -0400 (EDT), Rick Aliwalas [EMAIL PROTECTED] wrote:

On Mon, 20 Sep 2004, M Raju wrote:

I have been having trouble convincing some suits aka Management for a 1500+ employee company to migrate from Checkpoint to PF. Taking into fact that the company is in the process of debt-restructuring aka chapter 11, cost-cutting is vital for all IT needs. Hence, I am putting in a case to switch to PF.

Anyone running OpenBSD PF as the primary firewall for large mid-large organizations? If so what type of hardware, setup, etc. Just curious..

The company I work for has many FreeBSD/OpenBSD servers in production. Last July, we went live with our first OpenBSD/CARP firewall pair. I installed a late snapshot of 3.5 on a pair of Dell 1750's and it went without a hitch. I'm currently building 3 more pairs for another project.

I feel your pain. We run a big portion of our infrastructure on BSD and always have to defend it. In your justification, be sure to highlight the merits of OpenBSD/pf. No one uses OpenBSD because it is free. They use it because it works. In terms of stability, flexibility, security, ease of administration and management it works far better than our PIX's and Checkpoints - at least in our environment.

-rick

-- May the packets be with you.