Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] looking for non-cisco router and firewall



> From: Discuss [mailto:discuss-bounces+blu=nedharvey.com at blu.org] On
> Behalf Of John Boland
> 
> my colo folks just notified me that the firewall and router we're using is
> subject to another set of exploits.
> the equipment we're using is no longer maintained and we're in the midst of
> changing colo providers.  the new colo provides firewall services. we've
> already setup the rules with them.
> in the meantime, i need something reasonably priced (i.e., cheap) to tide
> us over for the next couple of months.
> 
> for now, does anyone know if just dropping udp packets will mitidate this
> exploit?

I'm confused by several things - 

You have a question if dropping udp packets will mitigate this exploit. What exploit? Are you talking about a specific exploit?

For "reasonably priced," I would immediately suggest pfsense, but you said that entails learning curve, which suggests to me that you've never tried it. I would say there is zero learning curve to setup pfsense, until you start trying to do more advanced things with it, like openvpn or something like that. The only thing you need to know is: First connect the LAN side to a switch (or crossover cable) with your laptop. Install it from a CD or ISO or bootable USB or whatever. During install, assign a LAN IP address. Then browse to it via http or https from the laptop. All of this is explained by the bootable install media. Especially just for a couple of months, it seems silly to buy a new hardware firewall.

I would certainly say, that setting up pfsense is faster and easier than setting up any cisco device, even if you're a cisco expert who knows nothing about pfsense. It's just way, way easier.

You said you need 100Mbit externally and 1Gbit internally. This confuses me. If there's an upstream bottleneck of 100Mbit, then why do you need >100Mbit on the LAN side?



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org