Firewall Wizards mailing list archives
Re: Open Source Personal Firewall?
From: Breno Jacinto <breno () gamebox net>
Date: Sat, 13 Dec 2003 22:36:47 -0300
* Charles Swiger (cswiger () mac com) wrote:
> Googling for "firewall open source" should produce significant numbers of relevant examples. You haven't mentioned what capabilities this firewall should have, although anything reasonable will have a baseline of simple packet filtering, stateful packet filtering, NAT, and some combination or subset of DHCP/zeroconf/UPnP for internal hosts. (1)
>
> Are you looking for an appliance, or are you looking to install OSS software onto an existing machine (presumably commodity Intel hardware)? If the latter, you could start with OpenBSD or a hardened flavor of Linux (Bastille?), or PicoBSD (look up Luigi Rizzo, the author of IPFW).
Just to avoid confusion: by personal firewalls I refer to software like ZoneAlarm. It's limited (simple packet filtering) compared to real ones (OpenBSD, Linux etc.), but supposedly more usable. I was looking for an OSS equivalent of ZoneAlarm, BlackICE and the like. I know many 'real' firewalls - in-kernel, customized OSes - which are OSS, like the ones you mentioned. But they're not 'usable' without an expert (or maybe NO firewall can be of good use without an expert setting it up). The trade-off between usability and security is cruel.
> If grandma already has a Linksys multiport broadband router, using the bundled firewall is likely to be an easier solution than adding another device, particularly if grandma doesn't really understand what a network is and would like someone else to plug in all of the cables for her. :-)
Oh yes :) But that's too ideal a situation. Almost no users make use of firewalls, and most have no idea that 135 is open etc... That's why a PF can come in handy. Like a 'minimum' security for the everyday user. Well, considering the user knows what he is doing...
> 1: And it's been the latter which has tended to result in bugs with most firewalls, another example of the classic tradeoff between ease-of-use and security...
Yes, and the question remains: if we need an expert to set up a 'Personal Firewall', because otherwise the user will not be able to set a decent policy, is there any reason not to use a cheap machine in front of the PCs running OpenBSD/Linux doing NAT (..) rather than software (ZoneAlarm) running on the host itself?

cheers,

// Breno Jacinto
// breno () freeunix com br
// Key fingerprint = A5C3 3B22 140D C973 6AC6 2D62 2318 B8FA 15F9 D3FC
// Never be afraid to try something new. Remember, amateurs built the
// ark; professionals built the Titanic. -- Anonymous
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards