On 11/09/2011 03:22 PM, Richard Kulawiec wrote:
You will find it very difficult to beat pf on OpenBSD for efficiency, features, flexibility, robustness, and security. Maintenance is very easy: edit a configuration file, reload, done.
An important feature lacking for now, as far as I know, is content/web filtering, especially for corporates wishing to block inappropriate/time-wasting content like Facebook. Addition of this would place it on a par with the best like Sonicwall and Fortinet.
I would probably disagree with Richard's statement; most organizations are looking for something that's a little more of a product/appliance and a little less of a one-off solution/generic UNIX box. That having been said, if you AREN'T put off by "edit a configuration file", then maybe you won't be put off by "install Squid, add squidGuard (IIRC), and configure transparent proxying" and you're pretty much all the way there. Oh, and you get caching acceleration for free.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.