LinuxSA Mailing list archives
From: Andrew Hill <list@fornax.net>
To: Earnshaw, Mike <earnshawm@wa.switch.aust.com>
Date: Fri, 25 Feb 2000 19:30:01 +1030
Re: <REQ for comments> : Firewalls
> "Earnshaw, Mike" wrote:
> I know Linux has firewall code built in, but in an honest explanation
> how effective is it with regards to commercial products like
> Firewall-1. I did initially think "well it can't be better, it's free",
> but then I remembered NT .... but I don't require responses that
> belittle one OS against another, even though it may be merited. I am
> requesting a more engineered answer: FW-1 is better because .... or
> Linux surpasses FW-1 in flexibility and .... etc
I'd suggest that in regards to feature set and ease of use, it's as good
as anything else out there. However, you do have to be aware that unlike
'black box' solutions, you do have to ensure that your Linux box
firewall is properly locked down before it is put into use, because if
the box can be compromised, then so can your firewalling. (Of course,
the same goes for having to make sure your black box is set up
correctly, but it's a little harder to install a new faulty web server
or the like on one of those :-)
Of course, if money is not an object, there are some features that it
can buy, like bridge firewalls (see
http://www.bell-labs.com/user/tal/papers/#FireBridge) and Layer 4
switching stuff (yes, I'm a bit vague on this still - would a Linux box
be a bridge firewall? Or not, as it has its own IP, whereas Lucent's
Brick can be set up without one?)
The only other thing to consider might be how many TCP connections do
you need to make/destroy and how many packets are you planning on
putting through every second? If it's a very large number, the amount of
network card bandwidth/CPU time/Motherboard FSB bandwidth in your Linux
box's hardware could become a physical limit.
Cheers,
--
Andrew Hill
--
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject