At 22:25 +1000 on 15/04/02, Darren wrote:

>A page for doorstop or netbarrier would be more to the point since this
>one's for PCs and very wrong.

Steve has a heckuva lot more experience as a network admin than just about anyone else I know, and I highly doubt you're in a position to criticise his knowledge. What he says - at least about why software firewalls are crap - makes a lot of sense if you think about it for a few seconds. (Ignore the very valid reasons why the marketing departments shouldn't be allowed anywhere near software development for the moment.)

Allow me to explain another way: The assumption is that a firewall is intended to keep out undesired traffic from the machine(s) on the protected portion of the network. Let's say, for the point of demonstration (and what's usually the case), that the network consists of one box hooked to a broadband connection. This box is the user's primary computer, used for everything, including the software firewall.

A software firewall running on this box has, by definition, *already* failed its basic "raison d'être," if you will. It can't block any traffic from getting to the box it's supposed to protect simply because *IT IS RUNNING ON THAT BOX*. In order to detect any of the traffic, it *has* to let it through, thus compromising the box.

If you *dedicate* a box to running a software firewall, which *will* require a second network interface of some kind (traffic in has to get out somehow), that's really no different from running a hardware firewall in the first place, since even hardware firewalls have to have *some* sort of software on them (usually a proprietary OS) in order to do anything.

An SE/30 is a very poor choice for this because, as Darren said, there isn't any (certainly nothing particularly useful) firewall software for the Mac OS on a 68K, and SCSI-Ethernet adapters are *not* yet supported under *nix (NetBSD or Debian being the two primary *nixen for the SE/30).
A IIci (or any other Mac easily capable of supporting two Ethernet interfaces) is a *much* better choice, but again, you'll have to run *nix and, to answer an earlier question, no, there isn't a "preconfigured firewall" that you can "just install" easily.

the pickle
FAQ <http://macfaq.org/index.shtml>
Software Archive <ftp://download:[EMAIL PROTECTED]//Users/thepickl/Sites/Archive/>

--
Compact Macs list info: <http://lowendmac.com/lists/compact.shtml>
Archive: <http://www.mail-archive.com/compact.macs%40mail.maclaunch.com/>