Chapter 8. Firewalls

Firewalls are a network response to a software engineering problem.

—Steve Bellovin

Firewalls are a key part of any security infrastructure. Once viewed as a choke point at the very front end of a network, they are now liberally sprinkled around enterprises, allowing security administrators to enforce fine-grained access control to any asset. They are viewed as an enabling technology that assists businesses and individuals in performing activities in a secure and reliable fashion.

FreeBSD and OpenBSD make great platforms for firewall deployments. Through their stable development process, the BSDs can be configured in a very secure fashion. This is key, as a firewall is the nexus for many network-borne attacks, and an insecure firewall makes for an insecure network. Further, the BSDs provide high-performance networking that is fundamental to the scalability of a firewall. Firewalls can control access to many different networks at once, so it is critically important for a firewall to maintain low latency even under heavy load.

This chapter discusses the configuration, deployment, and administration of FreeBSD- and OpenBSD-based firewalls. It compares and contrasts the features available under each operating system and provides example configurations for common firewall scenarios. Finally, this chapter provides a solution for high-availability architectures built with these open source systems.

Firewall Architectures

Firewalls are not a “one size fits all” device. ...
