[AusNOG] Application Firewall Recommendations

Jake Anderson yahoo at vapourforge.com
Fri Aug 9 13:53:13 EST 2013 

One thing to watch for with pfsense in VM's
I have had 2 instances where for no particular reason it soaks buttloads 
of host CPU in KVM.
Like 20mbit throughput = 120% CPU in a quad xeon 3ghz host.

Tried all sorts of different drivers and even added paravirt NIC's with 
no joy,
Dell R210 II and T210 hosts in both cases so there may be something there.

Outside of that pfsense is the stuff, 2.1 is in RC stage now, and I hear 
its IPv6 functionality is quite good.

On 09/08/13 13:38, Peter Tonoli wrote:
> +1 again for PfSense. Running it under KVM as a small VM to do NAT and 
> firewalling in an environment that's constrained for ipv4 addresses.
>
> Pretty much set and forget - very long uptimes as well.
>
> ------------------------------------------------------------------------
>
>     *From: *"David Walsh" <davow at onthenet.com.au>
>     *To: *ausnog at lists.ausnog.net
>     *Sent: *Friday, 9 August, 2013 1:29:45 PM
>     *Subject: *Re: [AusNOG] Application Firewall Recommendations
>
>     +1 PfSense
>
>
>     On 09/08/2013, at 1:26 PM, "Joshua D'Alton" <joshua at railgun.com.au
>     <mailto:joshua at railgun.com.au>> wrote:
>
>         pfsense is pretty hard to beat as a fairly full-featured
>         firewall, I've used it in a lot of situations that don't
>         warrant the cost of a cisco or similar setup. Works
>         brilliantly in a VM as well.
>
>
>         On Fri, Aug 9, 2013 at 10:27 AM, Alex Samad - Yieldbroker
>         <Alex.Samad at yieldbroker.com
>         <mailto:Alex.Samad at yieldbroker.com>> wrote:
>
>             Hi
>
>             So what is the current industry thought on using VM
>             firewalls. And to take that further what is the thought of
>             using a plan OS for a firewall, thinking Linux or BSD.
>
>             Alex
>
>
>
>
> -- 
> Peter Tonoli < peter at medstv.unimelb.edu.au > +61-3-9288-2399
> IT Manager
> The University of Melbourne - Eastern Hill Academic Centre, St. 
> Vincent's Institute and O'Brien Institute
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130809/657136ca/attachment.html>

More information about the AusNOG mailing list