[AusNOG] Gateway Router firewall

Glenn Hocking glenn.hocking at woosaw.com
Wed Jan 11 10:29:28 EST 2017


Thanks for all the responses regarding gateway router/firewall software. I investigated them all :-)

For my situation I am going to try out pfSense; it seems to have come a long way since I last tried
it. It seems to do everything I need, plus the CARP redundancy looks great! My hand-rolled Perl
scripts to achieve gateway device failover do cause me some anguish.

I currently use or have played with many of the packages listed but the following pfSense features 
URL does state that 'Packages: Some are in beta stage'. The primary package that I will need under 
pfSense is the OpenBGPD. I currently use Quagga bgpd.

Does anyone have any comments on current pfSense additional package use, such as what to use and what
to steer clear of? Should I install only what is needed, or is it resilient, and can packages be
easily installed, played with and removed without issues even in a production environment? I do test
first, obviously, but test environments are never conclusive.

https://doc.pfsense.org/index.php/Features_List

The end result of this is to have reliable gateways that other engineers can also manage ad hoc and 
for me to be able to sleep peacefully at night. I'll post my results of this exercise if others wish.

Cheers

Glenn Hocking | Managing Director
Woosaw Pty Ltd | www.woosaw.com.au
Sydney Office: +612 8090 3441 | Mobile: 0420 942 641
PO Box 391 │ Pyrmont NSW 2009  | Australia

On 10/01/2017 11:55 AM, Glenn Hocking wrote:
> Hi All
>
> For many years I have been using hand-rolled router/firewall boxes for my hosting network gateways. Time
> for an upgrade, but I still want the flexibility of Linux-based systems. Just wondering what others
> like in this area and recommend, as I assume there should be some good hardened preconfigured systems
> available now. Prefer open source Linux and free.
>
> What I currently use is,
>
> OS: Debian Linux
> BGP: quagga
> Firewall: iptables
> Load balancing and HA: ipvsadm + perl
> Monitoring: ipt_netflow + nfsen
>
> Cheers
>

