
Thread: Various *nix based firewalls, pro and cons of each?

  1. #11
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Originally posted here by chsh



    Not being up on VPNs, wouldn't this be a function of your VPN server, not of the firewall?
    Ummm, no not necessarily. Many firewall products terminate VPN connections and
    either use their own authentication database or pass that chore on to another authentication
    service like RADIUS.

    Compared to what?
    Well check out something small like the Nokia IP330 running Checkpoint NG.
    Out of the box, it crushes any netfilter based product I can think of. Sure you can
    probably glue a box together and gain some of the features. If you use a commercial product, you usually have a hard time compiling in new features if the vendor even allows it. If you roll your own, lots of things are possible if you have the time. I just don't have that kind of time.

    I think almost all *nix firewalls are capable of being run off read-only media like CD.
    Really. Cool which ones? I would love to check em out..

  2. #12
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    Originally posted here by chsh
    I think almost all *nix firewalls are capable of being run off read-only media like CD.
    The only downside is that you'd have to use a dedicated machine for it and keep the ruleset on a virtual filesystem [most likely in RAM]. If you get a power outage... you'd kinda have to reconfigure the whole 'shizzle' again [except if you have a UPS around]

    But you could do it on a USB memory stick. Unfortunately I don't know of any BIOS that supports booting from a USB device [I'd love to embed Linux on my USB stick]
    /\\

  3. #13
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    .... I have a ZIP drive that allows booting. And what about ZIPSlack? I haven't looked into it because I have no use for it.

  4. #14
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672

    But you could do it on a USB memory stick. Unfortunately I don't know of any BIOS that supports booting from a USB device [I'd love to embed Linux on my USB stick]
    Virtually every BIOS since around 2001 has had the ability to boot from a USB device. If yours doesn't..it's time to flash it.


    CHSH: a lot of places build things in to one device..such as ipcop and astaro. They both have a ton of features..vpn/content filter/spam filter/AV/firewall etc..

    ss2chef: like chsh..virtually any *nix can do it..but it's not necessarily the best idea.
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  5. #15
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Originally posted here by hogfly


    ss2chef: like chsh..virtually any *nix can do it..but it's not necessarily the best idea.
    I'm aware it's available and in fact I boot knoppix-std from USB drive often.
    I was more interested in actual firewall product at market which supports this. Do any exist?
    Most Linux/NF based stuff I have seen are stripped down to fit the small footprint.
    Usually the 1st things that get ditched are all but the most common drivers and configs.

    I have done RAM drive firewalls before.

    Hope I am not misunderstood. I like netfilter. But for my clients Enterprise dollar, I prefer to choose
    tinker free (my perspective) solutions.
