[MLUG] [ot] Looking for high performance open source firewall
David Filion
david at filiontech.com
Wed Dec 17 14:15:16 EST 2008
Alexandre Teixeira wrote:
> Try Netfilter (IPTables) with Ethernet bonding driver of Linux in
> order to increase your throughput. If you don't like big commands and
> scripting maybe you can use Firewall Builder or this:
> http://www.iptablesfirewall.com/ss.php (never tested yet).
>
> Cheers
>
> Alexandre
>
<snip/>
Right now I'm not concerned with bandwidth (our ISP is always willing to
give us more). The problem is the volume of SYN packets. Unfortunately
iptables doesn't contain a synproxy. FreeBSD/OpenBSD support pf which
does have a synproxy, but it doesn't support bridged interfaces so back
to square one. (I don't know, maybe a synproxy on a bridged interface
isn't even possible?)
I should mention that I'm not currently under attack. Been there, done
that. I'm looking for ways to limit any future damage without spending
incredible amounts of money.
David
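For reference, the pf synproxy David mentions looks like this in pf.conf; this is an added illustration, not configuration from anyone in the thread, and it assumes a routed (not bridged) OpenBSD firewall in front of a web server, with the interface name and address being constructed placeholders.

```pf
# Added example: pf.conf fragment where the firewall completes the TCP
# handshake itself (synproxy) before opening anything to the server, and
# caps per-source connection rates. "em0" and 192.0.2.10 are placeholders.
ext_if  = "em0"
web_srv = "192.0.2.10"

# Sources that exceed the rate limit are put in this table and blocked.
table <flooders> persist

block in quick on $ext_if from <flooders>

# Without synproxy, every spoofed SYN leaves a half-open entry in the
# server's backlog. With "synproxy state", pf answers the SYN, waits for the
# client's ACK, and only then connects to $web_srv, so spoofed SYNs never
# reach the server. The state options limit each source to 100 concurrent
# connections and 15 new ones per 5 seconds; offenders go to <flooders>
# and all their existing states are flushed.
pass in on $ext_if proto tcp from any to $web_srv port 80 \
    flags S/SA synproxy state \
    (max-src-conn 100, max-src-conn-rate 15/5, overload <flooders> flush global)
```

Entries in <flooders> do not expire on their own; a periodic `pfctl -t flooders -T expire 3600` clears sources that have been quiet for an hour.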