[rescue] SGI fw_sshd and security
Mike F
lists at ibrew.net
Fri Mar 5 15:10:33 CST 2004
Bill Bradford wrote:
> On Fri, Mar 05, 2004 at 01:42:46PM -0500, Dave McGuire wrote:
>
>> A firewall should be a separate machine.
>> I'd use something like a small Alpha or a SPARCstation running either
>>NetBSD or OpenBSD.
>> -Dave
>
>
> I'd kill for a pf "port" to Solaris, but I have to live with ipfilter for
> now. 8-(
>
> Bill
I'll emphatically second that :) pf is the reason my firewall
is an OpenBSD/sparc machine. IPFilter is very nice, don't get me
wrong, but it seems like bugs are always popping up, whereas pf
has been very stable and almost totally bug-free. Not to mention
the feature advantage pf has over IPFilter, such as macros.
More information about the rescue
mailing list