
Blog

> pf
Posted by prox, from Charlotte, on October 05, 2005 at 23:27 local (server) time

So, in other news, pf rocks.

I've got a pf.conf on dax, the FreeBSD-based replacement for starfire, that (without counting whitespace or comments) is 20 lines long, compared to a 109 line iptables script on one of my Linux hosts.  Both firewalls are configured more or less identically, right now ...

The logging is nifty, too.  I log all denied packets by default, which include almost everything except ssh, identd, and tunnel stuff, right now.  A /var/log/pflog, which can be viewed with tcpdump, is generated, along with a special pflog0 interface.  A nice and quick way of watching worm traffic.  I set up MRTG to graph it, but I'm not sure how well it's going to work in the long run.

Oh, yeah ... it's got a REAL IPv6 conntrack.

So, when's pf gonna get ported to Linux?</flamebait>
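An added example (not the actual pf.conf from dax) of a ruleset with the policy described above: block and log everything by default, pass ssh, identd and an IPv6-in-IPv4 tunnel, with state kept for both address families. The interface names, the tunnel peer address and the ICMPv6 rule are assumptions.

```pf
# Added example, not the pf.conf from dax.  Interface names and the
# tunnel peer are assumptions; adjust them for your host.
ext_if   = "fxp0"        # assumed public interface
tun_if   = "gif0"        # assumed IPv6-in-IPv4 tunnel interface
tun_peer = "192.0.2.1"   # placeholder remote tunnel endpoint (TEST-NET-1)

set skip on lo0
scrub in all

# Default policy: drop everything and log it.  Every packet matched by a
# "log" rule is copied to the pflog0 interface, which pflogd writes to
# /var/log/pflog in pcap format.
block log all

# Traffic this host originates goes out; the state entry lets the replies
# back in without a separate rule.
pass out quick all keep state

# ssh and identd (auth, TCP/113) from anywhere, stateful.
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port { ssh, auth } flags S/SA keep state

# The tunnel: encapsulated IPv6 (IP protocol 41) only from the known peer,
# then ssh riding inside the tunnel interface, tracked as IPv6 state.
pass in on $ext_if inet proto ipv6 from $tun_peer to ($ext_if) keep state
pass in on $tun_if inet6 proto tcp from any to ($tun_if) \
    port ssh flags S/SA keep state
# Assumption: ICMPv6 is needed for neighbour discovery and path MTU.
pass inet6 proto icmp6 all keep state
```

Load it with `pfctl -f /etc/pf.conf`; watch the drops live with `tcpdump -n -e -ttt -i pflog0`, or read the file afterwards with `tcpdump -n -e -ttt -r /var/log/pflog`.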

Comment by Mark Kamichoff [Website] on May 08, 2006 at 01:07 local (server) time

Ok, that MRTG for the pflog0 interface isn't working.  Bah.
