Firewall Wizards mailing list archives
Re: Free Firewalls? Thoughts...
From: Javier Sanchez <jsanchez () myalert com>
Date: 09 May 2003 12:51:24 +0200
I found some explanation about the halted mode operation, cool .... http://www.samag.com/documents/s=1824/sam0201d/0201d.htm Does anyone know any tool/application to migrate a gauntlet ruleset to checkpoint fw1 ? Javier Sanchez Llera Buongiorno - MyAlert jsanchez () myalert com On Thu, 2003-05-08 at 19:20, Ted Behling wrote:
At 02:23 AM 5/8/2003, Sean Barraclough wrote:What are the thoughts on some of the "free" firewalls available. Such firewalls as Darren Reeds IPF, or the OpenBSD PF? and the Linux offerings? Performance? Security? Fancy tricks? Just interested as to the thoughts out in the community.I've used Linux firewalls since kernel 2.0, with IPChains and now IPTables. Their security is most heavily affected by the applications run on the firewall. Best practice is to run nothing on the firewall itself, use an external logging server, and run the OS off read-only media such as CD-R (perhaps with a floppy for config files). Some people run a Linux firewall in "halted mode," where the kernel is stopped but the network interfaces are still up. Theoretically, this allows the kernel to filter packets, but it would be unable to execute any new code if it were somehow exploited. As to performance, I've gotten several megabits per second through a Pentium Pro machine with desktop-grade NICs. I've never really benchmarked them, though, since the Internet pipes I deal with are relatively small (<= T1). Ted Behling, Chief Penguin Surgeon Monarch Information Systems, Inc. tbehling () monarchis net _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Evaluating Firewall, (continued)
- Re: Evaluating Firewall Henning Brauer (May 06)
- Message not available
- Re: Evaluating Firewall Rama Kant (May 06)
- Re: Evaluating Firewall Jeffery . Gieser (May 05)
- Re: Evaluating Firewall Carson Gaspar (May 06)
- Re: Firewall performance testing (Was: Re: Evaluating Firewall) Mikael Olsson (May 07)
- Re: Firewall performance testing (Was: Re: Evaluating Firewall) Carson Gaspar (May 07)
- Re: Firewall performance testing (Was: Re: Evaluating Firewall) Kyle R. Hofmann (May 07)
- Free Firewalls? Thoughts... Sean Barraclough (May 08)
- Re: Free Firewalls? Thoughts... Henning Brauer (May 08)
- Re: Free Firewalls? Thoughts... Ted Behling (May 08)
- Re: Free Firewalls? Thoughts... Javier Sanchez (May 09)
- Re: Free Firewalls? Thoughts... Mark Gumennik (May 09)
- Re: Free Firewalls? Thoughts... David Lang (May 09)
- Re: Free Firewalls? Thoughts... Mikael Olsson (May 10)
- Re: Free Firewalls? Thoughts... Javier Sanchez (May 12)
- Re: Evaluating Firewall Carson Gaspar (May 06)
- RE: Evaluating Firewall Ben Nagy (May 27)