Firewall Wizards mailing list archives

Re: Firewall comparison


From: Bennett Todd <bet () newritz mordor net>
Date: Fri, 26 Feb 1999 17:43:43 +0000

1999-02-25-13:29:00 Radovan Semancik:
What info exactly are you interested in? Security? Performance? Design and
technology issues? Implementation features and bugs?

Design and technology. That's the thing that changes very slowly and has
a major influence on overall security and performance.

I've gotta agree on that.

These days, the design and technology that seems to me to make the best
firewalls for many, perhaps most settings, are a good well-supported Open
Source Unix-like OS like Linux or one of the free BSDs, together with a
suitable mix of proxies for your needs (e.g. TIS fwtk, smtpd, plugdaemon,
rinetd, qmail, squid), all nicely reinforced with some nice packet filtering
like ipfw or ipfilter. The technology here isn't a big step from the oldest
firewalls, mostly just adding the packet filtering reinforcement, but it's
still the best. Packet filtering firewalls like the FW1 and the Pix are nice
as somewhat sturdier replacements for screening routers, but for serious
protection I'd rather have data streams getting proxied at the top of a nice
solid IP stack and regenerated as nice shiny new packets, rather than having
dirty packets from the outside passed right through by a filter.

-Bennett
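
The difference described above between proxying a data stream and filtering packets can be seen in a minimal plug-style relay. This is an added example, not part of the original post and not code from plugdaemon, rinetd or any other tool named in it; all function names and the loopback test setup are constructed for illustration. The backend only ever sees a fresh TCP connection opened by the relay, never the client's own packets.

```python
import socket
import threading

def pump(src, dst):
    """Copy application bytes from src to dst until EOF, then half-close dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def relay_once(listener, backend_addr):
    """Terminate one client connection and re-originate its data to the backend."""
    client, _ = listener.accept()
    upstream = socket.create_connection(backend_addr)  # new connection, new packets
    back = threading.Thread(target=pump, args=(upstream, client))
    back.start()
    pump(client, upstream)
    back.join()
    client.close()
    upstream.close()

def backend_once(listener, seen):
    """Constructed backend: record the peer address it sees, reply in upper case."""
    conn, seen["peer"] = listener.accept()
    conn.sendall(conn.recv(4096).upper())
    conn.close()

def demo():
    backend = socket.create_server(("127.0.0.1", 0))
    proxy = socket.create_server(("127.0.0.1", 0))
    seen = {}
    threads = [threading.Thread(target=backend_once, args=(backend, seen)),
               threading.Thread(target=relay_once, args=(proxy, backend.getsockname()))]
    for t in threads: t.start()
    client = socket.create_connection(proxy.getsockname())
    client_addr = client.getsockname()
    client.sendall(b"hello")
    client.shutdown(socket.SHUT_WR)
    reply = b"".join(iter(lambda: client.recv(4096), b""))
    client.close()
    for t in threads: t.join()
    backend.close()
    proxy.close()
    return reply, client_addr, seen["peer"]
```

`demo()` returns the reply, the client's own socket address and the peer address the backend observed; the last two differ because the backend's connection was opened by the relay.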


