help needed with firewalls
Results 1 to 5 of 5

Thread: help needed with firewalls

  1. #1
    Member
    Join Date
    Sep 2001
    Posts
    61

    help needed with firewalls

    i learned a little bit of packet filtering using ipchains in Red Hat Linux 7.1..is it possible to set up a perfect(or almost a good) firewall using ipchains that would stand up to other commercially available firewalls?if i were to use ipchains to protect a network where very critical and confidential work is being done,what are the chances that i will look like a big fool..
    by the way i have heard about checkpoint,raptor and PIX..other than that what are the other prominent firewalls in use..how would you guys rate their performance,ease of use,market preference and price?how are these firewalls different from ipchains?well i know a little bit,,like the fact that firewalls come in two flavours,one that operates at the network layer(like ipchains) and the other that operates at the application layer providing more control over the data that passes by..

    with regards
    scorpion

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    The main problem with IPChains is that is is not a stateful firewall, which means it does not keep track of active sessions in a state table. It simply blocks (or accepts) based on predefined parameters. IPTABLES took care of this problem because it is stateful, however, I personally think IPTABLES is more complex than it needs to be. I would recommend using IPF if you are going to stick to open source. For commercial firewalls, stick to Checkpoint or Cisco PIX.

    Just my recommendation...although everyone has their own opinion.

  3. #3
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    iNViCTuS is correct about IPF. My opinion on the enterprise firewall differs ever so slightly. I'd use Sunscreen in bridged mode, but it sounds to me like you want it free so stick w/IPF.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  4. #4
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    ever so slightly? <wide grin>
    Trappedagainbyperfectlogic.

  5. #5
    Member
    Join Date
    Jul 2001
    Posts
    62
    I personally like IPTABLES, although complex you do have control. If you are currently using ipchains i would recommend a change no matter what your choice may be.
    For IPTABLES info i would check out "Linux Firewalls (second edition)" by Robert L. Ziegler great book for using IPTABLES

    Just my opinion though.
    dAggressor

    It\'s a long life, until you die

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •