[unisog] Suggestions for bridging firewall?

Roelof JT Jonkman roel at SiliconDefense.com
Tue Oct 29 00:33:16 GMT 2002


Linux + netfilter is good:

http://www.netfilter.org and you need the patch from
http://bridge.sourceforge.net to make netfilter work with the bridging
code. (It works well)
Additionally if you want fancier ethernet/mac level filtering you can
use ebtables: http://users.pandora.be/bart.de.schuymer/ebtables/
And you can throw in the advanced routing stuff, which makes for
quite a nifty feature-full firewall/routing/bridging box.

OpenBSD is good too, fewer features than the Linux variety, but works

You don't need much of a powerhouse either to deal with 100Mbps,
a PIII of any sort is fine I'm sure. We used to do it on a PII-233,
running Linux 2.2.x (ITTC, University of Kansas)


> We're looking for a (stateful) bridging firewall to sit on the 100Mb/s
> connection between our department and the rest of campus, which is also
> our link out to the open internet.  Normally, our 15-min traffic
> average on this connection is less than a few Mb/s, but occasionally we'll
> burst up to 60Mb or so.  Does anyone have any recommendations for
> solid, easy-to-use products?
> I have played around with a Linux box and iptables, but maybe a
> commercial appliance would be easier to use and more feature-ful.  Any
> insight would be greatly appreciated!
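
The netfilter + bridge + ebtables setup recommended in this message, written out as an added example (not part of the original post and not either poster's configuration). The interface names, the bridge name and the forwarding policy are assumptions; on current kernels the `br_netfilter` module does the job of the bridge patch mentioned above.

```shell
#!/bin/sh
# Added example: transparent stateful bridge with netfilter + ebtables.
# Prints the commands; set APPLY=1 (as root) to execute them as well.
# Assumed names: eth0 faces the department, eth1 faces campus, bridge br0.
INSIDE_IF=${INSIDE_IF:-eth0}
OUTSIDE_IF=${OUTSIDE_IF:-eth1}
BRIDGE=${BRIDGE:-br0}

run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

bridge_firewall() {
    # Bridge the two ports; the box needs no IP address on the data path.
    run ip link add name "$BRIDGE" type bridge
    for ifc in "$INSIDE_IF" "$OUTSIDE_IF"; do
        run ip link set dev "$ifc" master "$BRIDGE"
        run ip link set dev "$ifc" up
    done
    run ip link set dev "$BRIDGE" up

    # Hand bridged IPv4 frames to iptables. On current kernels this is the
    # br_netfilter module, the successor of the bridge patch the post cites.
    run modprobe br_netfilter
    run sysctl -w net.bridge.bridge-nf-call-iptables=1

    # ebtables (layer 2): only IPv4 and ARP frames may cross the bridge.
    # IPv6 is dropped here; allow it only together with ip6tables rules.
    run ebtables -P FORWARD DROP
    run ebtables -A FORWARD -p IPv4 -j ACCEPT
    run ebtables -A FORWARD -p ARP -j ACCEPT

    # iptables (layer 3, stateful). Assumed policy: default deny, replies to
    # tracked connections pass, new connections only from the inside port.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -m physdev --physdev-in "$INSIDE_IF" \
        -m state --state NEW -j ACCEPT
}

bridge_firewall
```

Services that must be reachable from campus need their own `--physdev-in eth1` ACCEPT rules ahead of the default drop.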
