-
If you are interested in installing a firewall, before you go through all the trouble of setting up some kind of a PC platform running some kind of a firewall, I would recommend you look into firewall/router/switch/dhcp server combos. You can get them cheap ($50 bucks), they are overall going to be faster (specifically designed for that kind of application), and they are fairly easy to configure.
As far as whether or not you want to use an application layer firewall or a stateful packet inspection firewall, the choice depends on what you are trying to accomplish. A stateful packet inspection firewall will inherently be faster than an application layer firewall (it keeps it down at layer 3 versus layer 7 of an application firewall). Even though many stateful packet inspection firewalls have built-in pseudo-proxy like functionality for well known protocols (ftp, telnet, http, etc), they are still basically unable to properly understand the application running on top of the communication stream (by definition). On the downside, most of these applications cost major bucks ($100K +). You got the freebies like iptables and (I think) netranger, and then the commercial firewalls like checkpoint, raptor, sidewinder.
If you insist on using that PC, I would say something like iptables, but would still recommend you get a firewall appliance...
Neb
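The trade-off described in the post above, as an added example that is not part of the original thread: a toy stateful filter decides from addresses, ports and connection state alone, while an application-layer check has to parse the payload. The class and function names, the port policy and all sample packets are constructed for illustration.

```python
# Toy model, not a real firewall. All packets below are constructed samples.
ALLOWED_OUT_PORTS = {80}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}

class StatefulFilter:
    """Layer 3/4 decision: tracks connections, never reads the payload."""
    def __init__(self):
        self.conns = set()

    def check(self, p):
        if p["dir"] == "out":
            if p["dport"] not in ALLOWED_OUT_PORTS:
                return "DROP"
            self.conns.add((p["src"], p["sport"], p["dst"], p["dport"]))
            return "ACCEPT"
        # Inbound is accepted only as the reply half of a tracked connection.
        reply_of = (p["dst"], p["dport"], p["src"], p["sport"])
        return "ACCEPT" if reply_of in self.conns else "DROP"

def http_proxy_check(payload):
    """Layer 7 decision: the first line must parse as an HTTP/1.x request."""
    line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = line.split(" ")
    ok = (len(parts) == 3 and parts[0] in ALLOWED_METHODS
          and parts[1].startswith("/") and parts[2] in ("HTTP/1.0", "HTTP/1.1"))
    return "ACCEPT" if ok else "DROP"

def pkt(direction, src, sport, dst, dport, payload=b""):
    return {"dir": direction, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "payload": payload}

def demo():
    fw = StatefulFilter()
    web = pkt("out", "10.0.0.5", 40000, "203.0.113.10", 80,
              b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
    reply = pkt("in", "203.0.113.10", 80, "10.0.0.5", 40000, b"HTTP/1.1 200 OK\r\n\r\n")
    unsolicited = pkt("in", "198.51.100.7", 80, "10.0.0.5", 40001)
    not_http = pkt("out", "10.0.0.5", 40002, "203.0.113.10", 80, b"SSH-2.0-client\r\n")
    return {
        "web": (fw.check(web), http_proxy_check(web["payload"])),
        "reply": fw.check(reply),
        "unsolicited": fw.check(unsolicited),
        "not_http": (fw.check(not_http), http_proxy_check(not_http["payload"])),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The `not_http` case is the one the post is pointing at: the stateful filter accepts it because the port and state are fine, and only the payload parser notices it is not HTTP.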
-
Technically, there is no such thing as a hardware firewall. All that means is that you have a box that is a dedicated firewall. It can be running OpenBSD with a firewall installed. It can be running Linux with Checkpoint or iptables/ipchains installed. It can be running Solaris with CP installed. It can be running NT with a firewall installed. etc etc. It just means that the ONLY use for that box is to be a firewall.
So is your question whether or not to set up a dedicated firewall, or just run a program on the machine you are using for other stuff also?
-
Yeah, souleman has it right. I realised after a convo with him that my wording sucked. No need to re-explain it though, ppl have already given me neggies for bad wording... :)