why is freebsd a good choice for a firewall ?

Roger Hardiman roger at cs.strath.ac.uk
Wed Nov 29 19:57:30 GMT 2000

David Richards wrote:
> I have been asked to write a report about a new firewall. I am thinking
> about using freebsd. Can someone give me some reasons why it is a good
> platform for a firewall?

Well we use FreeBSD for our router/dialup box/firewall.

It is easy to install. We install over the network from the two boot
disks and then simply made a custom kernel with the firewall

(I've never got the firewall loadable module to work
although in theory you could do it with kldload ipfw with a
generic kernel)

If you want to remove services like FTP, Telnet, you can
either take them out of inetd or just do not open
those ports in the firewall rules.

Firewall rules are easy to write and come with a large
set of options to log both passed packets and rejected

Look at the ipfw man page for details.

It is part of the kernel and it is fast.
I stream video at 100 Meg through our firewall which is a
Pentium Pro 200 with no loss in throughput.

One last thing. Security.
It is easy to track -stable with FreeBSD so when there are any
security updates, you can CVSup and make a new kernel quickly.

I've not used Firewall setups on other OSs so I cannot compare
to those.
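
An added example, not part of the original post: a default-deny ipfw ruleset in the spirit of the message, where FTP and Telnet are closed simply by never opening their ports, and both a passed service and all rejected packets are logged. The interface name (fxp0), the choice of SSH as the one permitted inbound service, and the rule numbers are assumptions; logging requires net.inet.ip.fw.verbose=1 or a kernel built with IPFIREWALL_VERBOSE.

```sh
#!/bin/sh
# Added example: default-deny ipfw ruleset with logging (not the poster's rules).
# Assumed values: outside interface, permitted service (SSH), rule numbers.

OIF="${OIF:-fxp0}"   # assumed outside interface name

# Print the rules one per line, without the leading "ipfw" command.
ruleset() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 check-state
add 400 allow tcp from me to any out via ${OIF} setup keep-state
add 500 allow udp from me to any out via ${OIF} keep-state
add 600 allow log tcp from any to me 22 in via ${OIF} setup keep-state
add 65000 deny log ip from any to any
EOF
}

# Fail if any allow rule opens FTP (21) or Telnet (23) to this host.
# Handles single-port rules of the form used above, not port lists.
audit() {
    ruleset | awk '
        $3 == "allow" && / to me / && / (21|23)( |$)/ { bad = 1 }
        END { exit bad + 0 }'
}

# Load the rules into the kernel. The flush removes every existing rule,
# so a remote session can be cut off until the new rules are in place.
apply() {
    ipfw -q -f flush
    ruleset | while read -r rule; do
        ipfw -q $rule      # unquoted on purpose: split into ipfw arguments
    done
}

# Default action is a dry run that only prints the rules.
case "${1:-show}" in
    apply) audit && apply ;;
    *)     ruleset ;;
esac
```

Run with no arguments to print the rules; `apply` loads them and is best run from the console rather than over the network.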


