Zheng Bokui <[EMAIL PROTECTED]> writes: >Of course commerical ones provide more features. What I'm most concerned is >security: Can I build a secure firewall with IPFILTER? Sure you can! It's just a matter of taking the time and learning the tool, then configuring it carefully. As I've mentioned elsewhere on this mailing list, the commercial firewalls don't actually _do_ very much: mostly what you're getting with them is user interface and reporting tools. Reporting is easy, and experts don't need the user interface stuff. The weaknesses in firewalls are almost exclusively related to the incoming traffic problem, or the outgoing traffic problem. As long as you're careful about the former and aware of the latter, you'll be OK. (I say "aware" of the outgoing problem because firewalls can't solve it) mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
