Quote:
Do you know what you are using?
What's that supposed to mean?
“I use @#$&^ Firewall – it's a gud 'n and it ain't ever let me down.” :)
Anyway...I'm of the mindset that names do not equate to shinola anymore, type selection should be based on particular need(s). Define your needs and what services you are willing to put on the line, support with layered defense, etc., etc. (Already tutorials on that....)
cheers
Obviously being subtle isn't working here.
From one of the links I provided:
Quote:
iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset.
Did you rewrite Netfilter and iptables for use on BSD? Iptables is for Linux, ipfw ( IPFIREWALL ) is one of the available firewalls on FreeBSD.
------------------------
I am more in keeping with Relyt's comments in my actual practice.
I use firewalls on all my machines, ( including LAN ) even though I try to lock them down. My feeling is that if something does get onto one of them the firewalls may help prevent the spreading to others.
I use Netfilter ( iptables ) on all the Linux machines. The perimeter firewall is a stripped down, locked down Linux box. I configure them directly, writing rules by hand, and don't use GUIs or helpers to configure them. ( Why? Because I understand it, can configure and customize it to exactly my needs, and it does what I want. )
I use PF on my BSD boxes.
The only one of the choices listed in the poll above which I use is Zone Alarm ( free version mostly ) on some windows machines. Why? Because it is easy for those that use those computers to understand it and use it properly.
I had problems with ZA years ago when XP first came out, switched to Tiny, then found "leakage" which I was uncomfortable with. Although I did notify the maintainers, by this time ZA was working well with XP so I switched back. Haven't tried Tiny since.
I also use the firewall that comes with PC-cillin Internet Security on a few windows boxes, but it is harder to use and set up so I have to watch who will be using the computers. ( If they don't understand it there is a good chance they will either misconfigure it, allow something through they did not intend to, or just get frustrated and shut it off. )
I agree with others in the thread on creating your own in *BSD or Linux (IPTables or PF).
It has allowed me to learn a great deal about how a firewall operates, how *BSD and Linux operate, and it was just interesting all around.
Hope that helped
toxic.influx
Cisco PIX
At work we use watchguard x700's as gateways and blink from eEye for desktops.
http://www.watchguard.com/products/core.asp
http://www.eeye.com/html/products/blink/index.html
The X700's are basically customized Linux boxes, are extensible and easily maintainable, and offer several flavours of VPN...we use both branch office and Mobile user
blink provides desktops with application and system level softFireWalls as well as antispyware, antiphishing and "Protocol based intrusion prevention" which basically offers zero day protection
At home, a watchguard SOHO and an f-secure suite from my cable provider
btw..i thought it was interesting that all (i think) of the firewalls listed in the poll were software based...
personally(and professionally actually) I'd never rely on a single point of defence...multiple layers is what keeps the bad guys at bay (mostly)
I use a layered approach.........an external device and a piece of software on the machine.
Depends on the environment
MLF
Quote:
Originally posted here by morganlefay
I use a layered approach.........an external device and a piece of software on the machine.
Depends on the environment
MLF
Ditto. I use both hardware and software firewalls in layers. The software firewall I use the most is Ghostwall; simple and very effective.
Good topic, though. Some firewalls I never heard of popping up here.
Joe
Both at home and work I used ipfw for a while, but now use a linux firewall with iptables, Iproute2 QoS and L7 filtering..
The Layer7 filtering combined with QoS and iptables allows for traffic shaping and filtering on protocol and much more (regex)..