[asterisk-users] Best Firewall Suggestions?

[Michiel van Baak]

On 23:52, Tue 13 Oct 09, Hans Witvliet wrote:
> On Tue, 2009-10-13 at 14:42 -0500, Karl Fife wrote:
> > I think one of the very best options is pfSense.  Free Open-source,
> > but it's BSD based, rather than LINUX based.  As such it has a lower
> > risk of external exploits.  The user-interface makes it incredibly
> > simple to set up and maintain.  There is an embedded versions of it
> > available to run on affordable/reliable solid-state, diskless, fanless
> > Soekris/PCEngines embedded system boards.   
> >  
> > It's incredibly powerful, and It's ROCK SOLID. I find the traffic
> > shaping engine to work without a hitch.  PFSense can do anything you
> > want including VPN (PPTP, IPSec, OpenVPN), failover (Multi-WAN),
> > IDS/IPS (snort)
> >  
> > The NEWEST embedded version 1.2.3 rc3 (1.2.3-release is very close)
> > can run the sipproxd package as well as many other packages that
> > previously required the FULL version.  Goodbye one-way audio! :-)
> >  
> > -Karl 
> 
> pfsense with FreeBSD is a very powerfull combination, period.
> 
> However, it is compared with a 64-character password from a generator.
> Darn-difficult to use, and often written on a post-it and a plague for
> the help-desk (and thus a security risc in itself).
> 
> If you are familiar with BSD, good, fine. If not you probably are not
> aware that you're exposing yourself somewhere (if you got it working
> anyway).

A good *NIX admin will only need like 2 or 3 hours to get over it and
understand how BSD works when they work with linux.
That's how things work with the admins I have met.

In the end they all choose for the elegance and clean code and good
documentation of BSD before linux.
-- 

Michiel van Baak
michiel at vanbaak.eu
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD

"Why is it drug addicts and computer aficionados are both called users?"