[MLUG] [ot] Looking for high performance open source firewall
Nicholas Accad
nicholas at accad.org
Wed Dec 17 14:19:07 EST 2008

Just hire a monkey and teach him to hit THE BIG RED BUTTON.

On Wed, Dec 17, 2008 at 2:15 PM, David Filion <david at filiontech.com> wrote:
> Alexandre Teixeira wrote:
>> Try Netfilter (IPTables) with Ethernet bonding driver of Linux in
>> order to increase your throughput. If you don't like big commands and
>> scripting maybe you can use Firewall Builder or this:
>> http://www.iptablesfirewall.com/ss.php (never tested yet).
>>
>> Cheers
>>
>> Alexandre
>>
> <snip/>
>
> Right now I'm not concerned with bandwidth (our ISP is always willing to
> give us more). The problem is the volume of SYN packets. Unfortunately
> iptables doesn't contain a synproxy. FreeBSD/OpenBSD support pf which
> does have a synproxy, but it doesn't support bridged interfaces so back
> to square one. (I don't know, maybe a synproxy on a bridged interface
> isn't even possible?)
>
> I should mention that I'm not currently under attack. Been there, done
> that. I'm looking for ways to limit any future damage without spending
> incredible amounts of money.
>
>
> David
>
>