[ale] [OT]FreeBSD Resources

Kenneth W Cochran kwc at TheWorld.com
Wed Feb 25 16:08:10 EST 2004

>To: Atlanta Linux Enthusiasts <ale at ale.org>
>Subject: Re: [ale] [OT]FreeBSD Resources
>From: Fletch <fletch at phydeaux.org>
>Date: Wed, 25 Feb 2004 15:57:56 -0500
>>>>>> "Kenneth" == Kenneth W Cochran <Kenneth> writes:
>    Kenneth> Building Linux and OpenBSD Firewalls, by Wes Sonnenrrich
>    Kenneth> & Tom Yates John Wiley & Sons, (c)2000 ISBN 0-471-35366-3
>    Kenneth> Seems to be aging a bit (don't think it talks about the
>    Kenneth> "new" pf for example) but it's still very good.
>There've been a whole lot of changes to OpenBSD in general and the
>firewalling code (PF now rather than ipf which is what this book
>covers) in particular since this book was written back in the 2.x
>days, and it covers ipchains not iptables on the Linux side.

Ya...  I guess I should've s/aging a bit/ancient/ :)

>Admittedly it does cover basic philosophy pretty well (i.e. that which
>is not explicitly allowed is forbidden) but probably isn't of much
>practical use unless you're still running RedHat 6.2 (and you probably
>could find a more up-to-date book with the same general info).

Indeed...  My reference was to basic philosophy as opposed
to specific implementation(s).

>And for firewall use I'd definately go with OpenBSD as PF has some
>really slick stuff in it post-3.4 (Randal Schwartz had some neat rules
>which used the built-in passive OS identification code to shunt all
>SMTP traffic from Windows machines into a 56k rate-limited queue,
>leaving the rest of his 1M bandwidth free for non-MyDoom generated

Wooo, cool!

I guess my original post was to clarify someone's reference
to that book, hopefully to not start a flamewar (e.g. just
answer the question and/or clarify somthing).


More information about the Ale mailing list