[2083] in linux-security and linux-alert archive
[linux-security] Re: compare / contrast of linux fw and others
daemon@ATHENA.MIT.EDU (Rob Bringman)
Wed Oct 28 03:00:24 1998
Date: Tue, 27 Oct 1998 16:38:51 -0500
From: Rob Bringman <rob@trion.com>
To: linux-security@redhat.com
In-Reply-To: <19981013125902.A11720@trion.com>; from Rob Bringman on Tue, Oct 13, 1998 at 12:59:02PM -0400
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
Oops, I guess it's been more than a week... :/
Anyway, I only got a few responses, and the ones I got weren't as
detailed and gory (i.e. technical) as I'd hoped. So I'll summarize in a
non-technical way...
I am the Firewall-1 administrator where I work and it has a very nice
GUI tool for defining objects (can be hosts, networks, DNS domains,
groups of hosts, etc.) and a straightforward way of building a
rulebase.
At home I use the LRP with a mini-qmail daemon forwarding the e-mail
via qmqp to the real mailhost, and sshd for remote admin. It has
ipautofw, ipportfw and masquerading.
I really can't think of anything I can do with the Firewall-1 machine
that I can't do with this LRP machine. The whole OS used to fit on a
floppy until I added the mini-qmail and sshd packages. Now it boots
off a small HD and runs only on ramdisks. Except for the GUI and the
price, I'd say they are about equal in terms of power and protection.
I've looked into TIS but never used it. It involved running proxy
daemons on the firewall for telnet, ftp and snmp. I like the LRP much
better.
(For those that don't know, LRP is the Linux Router Project. See
http://www.linuxrouter.org )
On Tue, Oct 13, 1998 at 12:59:02PM -0400, Rob Bringman wrote:
> Hi,
> I was wondering how a linux box configured as a firewall stacked up
> against some of the commercial products like checkpoint-1 and gauntlet.
> Can someone direct me to a good book or online doc that compares linux
> to some other firewall methods?
>
> Mind you, I'm not talking about a firewall in the classical sense, i.e.
> ip forwarding turned off and used as a proxy, but the typical Linux box
> with masquerading and ipfwadm rules, ipautofw, etc. vs. CheckPoint or
> whatever.
>
> What are the differences in features, security, control,
> administration, etc.
>
> [mod: Replies to Robert please. Robert, please summarize in a week -- REW]
> --
> Robert Bringman, Systems Engineer mailto:rob@trion.com
> TRION Technologies, Inc. http://www.trion.com
>
> To understand recursion, one must first understand recursion.
>
> --
> ----------------------------------------------------------------------
> Please refer to the information about this list as well as general
> information about Linux security at http://www.aoy.com/Linux/Security.
> ----------------------------------------------------------------------
>
> To unsubscribe:
> mail -s unsubscribe linux-security-request@redhat.com < /dev/null
--
Robert Bringman, Systems Engineer mailto:rob@trion.com
TRION Technologies, Inc. http://www.trion.com
To understand recursion, one must first understand recursion.