What is your favourite/best firewall on FreeBSD and why?
Rainer Duffner
rainer at ultra-secure.de
Fri May 23 08:25:07 UTC 2014
Am Thu, 22 May 2014 15:50:23 -0700
schrieb Peter Wemm <peter at wemm.org>:
> The main source of pain we have is that the pf in FreeBSD doesn't do
> ipv6 fragment processing. We had to work around this because we have
> public facing DNS servers behind it and they have to deal with ipv6
> fragments.
Hi,
can you elaborate on this a bit more (without exposing the security of
the FreeBSD.org cluster)?
The reason I ask is that we're going to implement a new DNS soon'ish
and it will also need to serve IPV6.
It's planned to run pf on the nameservers directly. At least until we
have a commercial firewall that actually does IPV6 better than pf ;-)
Or is there information on the web about this, somewhere?
Thanks in advance
Rainer
More information about the freebsd-stable
mailing list