RE: Feedback on IPFW

["Freddie Cash" <fcash () bigfoot com>]

> Hello,
 
> I am currently evaluating FreeBSD(4.4)/IPFW and would like to receive
> feedback from experimented users, so good news and bad news are very
> welcomed.

We've been using IPFW/NATd on FreeBSD 4.1-4.4 for the past two years in 
the local school district.  Every high school has their own box, as well 
as the admin sites.  They are all connected via VPNs (using pipsecd) to 
the board office.  This allows connections to the Novell servers as 
NetWare does not play nice with NAT unless using Novell BorderGuard.

The only problem we've encountered so far is running out of buffer space 
on the 3COM 3c509 ISA cards during packet storms from Nimda/Code Red and 
the like.  Fortunately, it only kills the internal card and we are able 
to connect and reset the card remotely.

IPFW has a very nice and easy syntax and also has a very clean log 
style.  We haven't used it yet, but IPFW has the ability to shape 
traffic and restrict traffic flow using dummynet.

In short, we're extremely happy with it.  :)

Cheers,
Freddie                 PhoenixTek Consulting
fcash () bigfoot com    Unix / Networking Services
                        (250) 314-4029

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards