[ale] [OT]FreeBSD Resources

Fletch fletch at phydeaux.org
Wed Feb 25 15:59:11 EST 2004

>>>>> "Kenneth" == Kenneth W Cochran <Kenneth> writes:


    Kenneth> Building Linux and OpenBSD Firewalls, by Wes Sonnenreich
    Kenneth> & Tom Yates, John Wiley & Sons, (c)2000 ISBN 0-471-35366-3

    Kenneth> Seems to be aging a bit (don't think it talks about the
    Kenneth> "new" pf for example) but it's still very good.

There've been a whole lot of changes to OpenBSD in general and the
firewalling code (PF now rather than ipf which is what this book
covers) in particular since this book was written back in the 2.x
days, and it covers ipchains not iptables on the Linux side.
Admittedly it does cover basic philosophy pretty well (i.e. that which
is not explicitly allowed is forbidden) but probably isn't of much
practical use unless you're still running RedHat 6.2 (and you probably
could find a more up-to-date book with the same general info).

And for firewall use I'd definitely go with OpenBSD as PF has some
really slick stuff in it post-3.4 (Randal Schwartz had some neat rules
which used the built-in passive OS identification code to shunt all
SMTP traffic from Windows machines into a 56k rate-limited queue,
leaving the rest of his 1M bandwidth free for non-MyDoom generated

