On Sun, Apr 30, 2006 at 06:34:09AM -0700, S t i n g r a y wrote:
> Now what i want to know , maybe is O T in this list
> but what is the diffrence , i mean pf in openBSD is
> refered to as a firewall for home or small offices ?
> why is that , i mean what is the criteria of an
> enterprise firewall what is the diffrence between pf &
> MS ISA / cisco pix or checkpoint ?
> performance ? stability or features ?
>
> regards
pf is a fine packet filter, and is very useful in any situation, inside
and outside the big corporations. It can also do traffic
shaping/queueing via ALTQ.
It is not, however, an application-level proxy (Squid, Apache's
mod_proxy, ftp-proxy), an IDS (Snort), or high-availability system
(carp, the various routing daemons, some application-level proxies).
Finally, as pointed out, it doesn't have a snazzy GUI, though there are
some projects to provide one[1].
Joachim
[1] Whether or not that is actually a good idea is not relevant to this
discussion.
