[rescue] SGI fw_sshd and security

Mike F lists at ibrew.net
Fri Mar 5 15:10:33 CST 2004

Bill Bradford wrote:
> On Fri, Mar 05, 2004 at 01:42:46PM -0500, Dave McGuire wrote:
>>  A firewall should be a separate machine.
>>  I'd use something like a small Alpha or a SPARCstation running either 
>>NetBSD or OpenBSD.
>>         -Dave
> I'd kill for a pf "port" to Solaris, but I have to live with ipfilter for
> now. 8-(
> Bill

I'll emphatically second that :) pf is the reason my firewall
is an OpenBSD/sparc machine. IPFilter is very nice, don't get me
wrong, but it seems like bugs are always popping up, whereas pf
has been very stable and almost totally bug-free. Not to mention
the feature advantage pf has over IPFilter, such as macros.

More information about the rescue mailing list