[2083] in linux-security and linux-alert archive


[linux-security] Re: compare / contrast of linux fw and others

daemon@ATHENA.MIT.EDU (Rob Bringman)
Wed Oct 28 03:00:24 1998

Date: Tue, 27 Oct 1998 16:38:51 -0500
From: Rob Bringman <rob@trion.com>
To: linux-security@redhat.com
In-Reply-To: <19981013125902.A11720@trion.com>; from Rob Bringman on Tue, Oct 13, 1998 at 12:59:02PM -0400
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

Oops, I guess it's been more than a week... :/

Anyway, I only got a few responses, and the ones I got weren't as
detailed and gory (i.e. technical) as I'd hoped. So I'll summarize in a
non-technical way...

I am the Firewall-1 administrator where I work and it has a very nice
GUI tool for defining objects (can be hosts, networks, DNS domains,
groups of hosts, etc.) and a straightforward way of building a
rulebase.

At home I use the LRP with a mini-qmail daemon forwarding the e-mail
via qmqp to the real mailhost, and sshd for remote admin. It has
ipautofw, ipportfw and masquerading.

I really can't think of anything I can do with the Firewall-1 machine
that I can't do with this LRP machine.  The whole OS used to fit on a
floppy until I added the mini-qmail and sshd packages.  Now it boots
off a small HD and runs only on ramdisks.  Except for the GUI and the
price, I'd say they are about equal in terms of power and protection.

I've looked into TIS but never used it.  It involved running proxy
daemons on the firewall for telnet, ftp and snmp.  I like the LRP much
better.

(For those that don't know, LRP is the Linux Router Project.  See
http://www.linuxrouter.org )




On Tue, Oct 13, 1998 at 12:59:02PM -0400, Rob Bringman wrote:
> Hi,
> I was wondering how a linux box configured as a firewall stacked up
> against some of the commercial products like checkpoint-1 and gauntlet.
> Can someone direct me to a good book or online doc that compares linux
> to some other firewall methods?
> 
> Mind you, I'm not talking about a firewall in the classical sense, ie
> ip forwarding turned off and used as a proxy, but the typical Linux box
> with masquerading and ipfwadm rules, ipautofw, etc.  vs.  CheckPoint or
> whatever.
> 
> What are the differences in features, security, control,
> administration, etc.
> 
> [mod: Replies to Robert please. Robert, please summarize in a week -- REW]
> -- 
> Robert Bringman, Systems Engineer           mailto:rob@trion.com
> TRION Technologies, Inc.                    http://www.trion.com
> 
>  To understand recursion, one must first understand recursion.
> 
> -- 
> ----------------------------------------------------------------------
> Please refer to the information about this list as well as general
> information about Linux security at http://www.aoy.com/Linux/Security.
> ----------------------------------------------------------------------
> 
> To unsubscribe:
>   mail -s unsubscribe linux-security-request@redhat.com < /dev/null

-- 
Robert Bringman, Systems Engineer           mailto:rob@trion.com
TRION Technologies, Inc.                    http://www.trion.com

 To understand recursion, one must first understand recursion.
