May 1st, 2002, 06:06 PM
help needed with firewalls
I learned a little bit of packet filtering using ipchains in Red Hat Linux 7.1. Is it possible to set up a perfect (or almost a good) firewall using ipchains that would stand up to other commercially available firewalls? If I were to use ipchains to protect a network where very critical and confidential work is being done, what are the chances that I will look like a big fool?
By the way, I have heard about Checkpoint, Raptor and PIX. Other than that, what are the other prominent firewalls in use? How would you guys rate their performance, ease of use, market preference and price? How are these firewalls different from ipchains? Well, I know a little bit, like the fact that firewalls come in two flavours, one that operates at the network layer (like ipchains) and the other that operates at the application layer, providing more control over the data that passes by.
May 1st, 2002, 08:18 PM
The main problem with IPChains is that it is not a stateful firewall, which means it does not keep track of active sessions in a state table. It simply blocks (or accepts) based on predefined parameters. IPTABLES took care of this problem because it is stateful; however, I personally think IPTABLES is more complex than it needs to be. I would recommend using IPF if you are going to stick to open source. For commercial firewalls, stick to Checkpoint or Cisco PIX.
Just my recommendation...although everyone has their own opinion.
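To illustrate the stateless versus stateful distinction raised in the post above, here is an added example (not part of the original thread): a simplified Python model comparing an ipchains-style per-packet rule with a state-table lookup. The addresses, ports and the reply rule are constructed for illustration, and real connection tracking also follows TCP state and timeouts.

```python
from collections import namedtuple

# Constructed packet model: direction relative to the protected LAN.
Pkt = namedtuple("Pkt", "direction src sport dst dport flags")

LAN_HOST = "192.168.1.10"   # constructed addresses (documentation ranges)
WEB = "203.0.113.5"
OTHER = "198.51.100.7"

def stateless_filter(pkt):
    """ipchains-style: every packet is judged on its own header fields."""
    if pkt.direction == "out":
        return "ACCEPT"
    # Common "allow web replies" rule: inbound TCP from port 80 to a high
    # port, as long as it is not a bare SYN (a new connection attempt).
    syn_only = "SYN" in pkt.flags and "ACK" not in pkt.flags
    if pkt.sport == 80 and pkt.dport >= 1024 and not syn_only:
        return "ACCEPT"
    return "DENY"

class StatefulFilter:
    """iptables-style idea: inbound traffic must match a tracked session."""
    def __init__(self):
        self.table = set()  # (lan_ip, lan_port, remote_ip, remote_port)

    def check(self, pkt):
        if pkt.direction == "out":
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        # Inbound is accepted only as the reverse of a flow the LAN opened.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table:
            return "ACCEPT"
        return "DROP"

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_filter(p), fw.check(p)) for p in packets]

SAMPLE = [  # constructed traffic
    Pkt("out", LAN_HOST, 40000, WEB, 80, {"SYN"}),        # LAN opens session
    Pkt("in", WEB, 80, LAN_HOST, 40000, {"SYN", "ACK"}),  # genuine reply
    Pkt("in", OTHER, 80, LAN_HOST, 6000, {"ACK"}),        # no session exists
    Pkt("in", OTHER, 80, LAN_HOST, 6000, {"SYN"}),        # new inbound attempt
]

if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE, compare(SAMPLE)):
        print(pkt.direction, pkt.src, pkt.sport, sorted(pkt.flags), verdicts)
```

The third packet is the case the post describes: the stateless rule accepts it because its header looks like a reply, while the state table shows no session it could belong to.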
May 1st, 2002, 09:40 PM
iNViCTuS is correct about IPF. My opinion on the enterprise firewall differs ever so slightly. I'd use Sunscreen in bridged mode, but it sounds to me like you want it free so stick w/IPF.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
May 1st, 2002, 10:34 PM
ever so slightly? <wide grin>
May 3rd, 2002, 12:15 AM
I personally like IPTABLES; although complex, you do have control. If you are currently using ipchains I would recommend a change no matter what your choice may be.
For IPTABLES info I would check out "Linux Firewalls (second edition)" by Robert L. Ziegler, great book for using IPTABLES.
Just my opinion though.
It's a long life, until you die