I, too, am an advocate for pf, but I have to learn iptables for a customer's firewall. At first the iptables syntax was confusing, but I'm finding it similar to pf syntax. I think OpenBSD/pf has the edge in open-source firewalls due to CARP/pfsync allowing for redundancy. I'm currently checking out this cool IDS called fwsnort that works well with iptables. Has anyone played with this and care to share your experiences? Thanks.