I have been using BSD's IPFW for a while. I don't really like the way it handles FTP, among other things. My IPFW is configured in a 3-way bridge (NIC1 to ISP feed 1, NIC2 to ISP feed 2 and NIC3 to internal network). NIC1/NIC2 are in an active/passive HSRP config.
Does/Can UFW work this way? I want to have this box be a dedicated firewall doing packet filtering without the overhead of NAT. If I have 100 machines behind it I may want 22 open on all and 21 open on one, etc.
The UFW wiki makes sense, but it seems to be focused on protecting the machine that UFW is running on or using NAT.
Thoughts, direction?