Contributed by jl on from the yin-yang dept.
Please help test these changes for the upcoming 4.3 release of OpenBSD. If you are running carp(4) with ARP or IP balancing you'll have to change your configuration:
- Multiple carp(4) interfaces sharing an IP have been replaced with the carpnodes option.
- The net.inet.carp.arpbalance sysctl has been replaced with balancing mode arp.
- The LINK0,1,2 flags used for IP balancing have been replaced with the balancing modes ip, ip-stealth and ip-unicast.
By cameronsto (165.2.186.10) on cameronstokes.com
OpenBSD/pf/carp is an incredible firewall platform, and these additions only add to its capabilities.
-cameron
By Terrell Prude' Jr. (151.188.247.104) tprude@cmosnetworks.com (this is a spamtrap address) on http://www.cmosnetworks.com/
>
> OpenBSD/pf/carp is an incredible firewall platform, and these additions only add to its capabilities.
>
> -cameron
You're right, it is. Like many others, I use PIXes and ASA's from Cisco at work. OpenBSD is certainly a drop-in replacement for a PIX or ASA, with fewer problems, and that is Free Software. If I could replace every PIX or CheckPoint firewall installation that I see with an OpenBSD solution on some good, fast hardware, I wouldn't hesitate.
There's only one thing I can think of that OpenBSD doesn't do that Cisco's PIX/ASA does, and that's talk to Websense. The protocol is proprietary. Of course, there are several other ways to filter Web access, so this is hardly a show-stopper. Rather, it's a cheap excuse. Sadly, Websense has "mind share" with not just those who control the corporate checkbook, but also the army of MCSE's that are scared of Freedom. "BSD?! Sorry, we don't do Linux here, we're a Windows shop!"
--TP
By Anonymous Coward (24.37.242.64) on
> >
> > OpenBSD/pf/carp is an incredible firewall platform, and these additions only add to its capabilities.
> >
> > -cameron
>
> You're right, it is. Like many others, I use PIXes and ASA's from Cisco at work. OpenBSD is certainly a drop-in replacement for a PIX or ASA, with fewer problems, and that is Free Software. If I could replace every PIX or CheckPoint firewall installation that I see with an OpenBSD solution on some good, fast hardware, I wouldn't hesitate.
>
> There's only one thing I can think of that OpenBSD doesn't do that Cisco's PIX/ASA does, and that's talk to Websense. The protocol is proprietary. Of course, there are several other ways to filter Web access, so this is hardly a show-stopper. Rather, it's a cheap excuse. Sadly, Websense has "mind share" with not just those who control the corporate checkbook, but also the army of MCSE's that are scared of Freedom. "BSD?! Sorry, we don't do Linux here, we're a Windows shop!"
>
> --TP
"BSD?! Sorry, we don't do Linux here, we're a Windows shop!"
lol, isn't that so true. It just gives me the chizelnitches when they say that, thinking it's yet another fragment of Linux - shows how smart they are in the IT industry, as a whole.