[FUG-BR] OFF-TOPIC Fwd: BSD firewalling, pfSense and m0n0wall: Chris Buechler and Scott Ullrich

William Armstrong biosystems at gmail.com
Wed May 24 21:29:05 BRT 2006


I know this is off-topic, but for anyone who doesn't know some of these
firewall solutions, this is a good opportunity to try them out.

---------- Forwarded message ----------
From: Alex Moura <alexsm at gmail.com>
Date: 24/05/2006 20:17
Subject: BSD firewalling, pfSense and m0n0wall: Chris Buechler and Scott Ullrich
To: Fabricio Lima <contato at fabriciolima.com.br>, William Armstrong
<biosystems at gmail.com>


Straight from Dru Lavigne's blog, her notes and the slides from the
talk on pfSense, by its authors:
http://pfsense.org/bsdcan/BSDCan2006.pdf

 http://blogs.ittoolbox.com/unix/bsd/archives/bsdcan-day-2-9278?sp=CM
BSD firewalling, pfSense and m0n0wall: Chris Buechler and Scott Ullrich

This was the conference talk that made me wish I had time to go home
and play with pfSense. It's definitely towards the top of my list of
things to try and a potential future article. The slides from the talk
are available here.

Chris and Scott are two of the committers for this project which is a
fork of the m0n0wall project. They began by discussing the various BSD
firewalling options (ipfw, ipf, pf) and the features found in each.
They then described the features found in m0n0wall which is a
user-friendly, feature-rich gui front end to FreeBSD 4.11 running IPFW
and dummynet. m0n0wall was founded by Manuel Kasper and is a good
choice for embedded systems (e.g. you want a project for your Soekris).

pfSense is based on FreeBSD 6.1 and pf and was designed for PC
architecture. See their FAQ: Why the fork?.

Here are the rest of my notes:

- they hesitated setting up a web forum but it's the best thing they
  could have done (it is better than mailing lists in quality of
  posters)
- male to female ratio of posters 65:1
- pfSense supports RADIUS, upgrades via webGUI, CARP, PFSync, XML
  configuration sync between master and backup hosts for a single point
  of administration for a firewall cluster, PPPoE server, themes, setup
  wizard, OpenVPN
- provides integrated install of packages: doorman, ntop, squid, spamd,
  pfflowd, assp, arpwatch, freeradius, ifdepd, sipproxd, stunnel,
  widentd, iperf, nmap
- recommend minimum 128 MB RAM
- developers edition: can build all versions of pfSense with one command
- embedded version: designed for 64 MB compact flash and 128 MB RAM;
  read-only environment and only mounts the flash device r/w as required
  (to save configurations); currently no package support (it's possible
  but not officially supported)
- CDROM version: stores config on removable media (flash, floppy); if
  install on disk, need 50 MB of disk space and provides package support
- CARP provides underlying failover and ease of administration via
  virtual IPs
- pfSense allows you to convert inexpensive hardware into firewall
  clusters
- wireless: supports Atheros, HostAP support, WPA supplicant (client)
  support, turbo modes, OLSR for wireless meshing support
- can safely install on top of an existing FreeBSD system
- pkg_add comes with pfSense so can add own packageset
- they had a chance to fix some bugs during BSDCan (advantage of devs
  meeting together face to face)
- a Chicago-based Fortune 500 firm is using it with average of 450,000
  entries in state table and hospital in Brazil is using 70% of OC3
  pipe; it is still beta software so companies aren't yet willing to
  advertise their usage of it


Upcoming features in version 1:


- ability to set separate username/passwords per firewall and push
  changes to desired firewalls
- 1.0 will have a vmimage; the current ISO detects vmware and changes
  some sysctl MIBs to optimize firewall within guest
- Scott showed screenshots of upcoming features; pfSense has builtin
  rrd graphing
- Scott then demonstrated CoreGUIBuilder which allows you to drag and
  drop to create custom screens and automatically generates required XML
  code for you (this sounds a lot like the tool IBM was demonstrating at
  PHPQuebec)
- dynamic ajax log viewer so can view logs live in a GUI


Scott mentioned that he used Wink to create animated portion of
presentation. I've been looking for an Open Source solution but it
looks like there is only a Linux version. Has anyone else used this
program? If so, what are your thoughts on its usability?


-- 
-=-=-=-=-=-=-=-=-=-
William David Armstrong            <----.      Of course it runs
Bio Systems Security Networking    <----|==========================
Hinodeinfo Soluções em Informática <----' NetBSD, OpenBSD or FreeBSD
ICQ 27550645 MSN / GT  biosystems  gmail . com
--------------------------------------

