it depends what you need to do.

personally I would not start with redhat as the base for a firewall (given
a choice, it can be locked down if you spend enough time on it) but other
distros are much better.

the FTP vulnerability in iptables also exists in other commercial firewalls
(I saw the alerts but as I use proxy based firewalls not SPF ones I didn't
pay attention to which vendors) so it's not unique to linux or iptables.

by your comment about OpenBSD being treated as "a real OS" I definitely
would not push you to use an OS you don't personally feel comfortable
with.

I looked at BSDI and ipfilter a few years ago and decided that it didn't
really fit what I needed. I am comfortable with ipchains/ipfwadm (not
enough experience yet with using iptables) for general packet filtering
uses, but for FTP I always use a proxy. there have been too many exploits
against the packet filtering firewalls (look up FTP and firewall-1
sometime) for me to be happy with a 'packet filter' that does some of the
work for a proxy, but without the ability to do all of it.

for proxies you can usually use the FWTK (www.fwtk.org). while the proxies
do have their limits, within those limits they work well.

David Lang

 On Thu, 26 Apr 2001, Ben Nagy wrote:

> Date: Thu, 26 Apr 2001 10:01:52 +1000
> From: Ben Nagy <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Linux Firewalls (WAS: Looking for...)
>
> Anyone,
>
> Setting aside general Linux enthusiasm and advocacy, does anyone really
> think that there's a good reason to use Linux for a firewall? I (personally)
> like ipfilter on OpenBSD, both because ipfilter is Damn Fine Stuff and
> because OpenBSD is treated like a real OS in terms of releases, revisioning
> and code review.
>
> To take the example below - RH 6.2 is r00table out of the box and ipchains
> is not stateful. RH 7 had problems, so they rushed 7.1. Iptables in 7.1 was
> then immediately found to have a bug in the FTP code (of course - where
> else?).
>
> I'd love to have some faith that iptables was cool and ready for primetime,
> since ipchains on Linux did more than anything else I can think of to raise
> awareness about solid, free firewalls (oh, the irony!) - but I still have
> many reservations.
>
> Comments, anyone?
>
> Cheers,
>
> --
> Ben Nagy
> Network Security Specialist
> Marconi Services Australia Pty Ltd
> Mb: +61 414 411 520  PGP Key ID: 0x1A86E304
>
> > -----Original Message-----
> > From: DSC coria fernandez jose antonio
> > [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, April 25, 2001 7:36 AM
> > To: [EMAIL PROTECTED]
> > Subject: Looking for..............
> >
> >
> >
> > I'm looking for information on installing ipchains in a Red Hat
> > box ver 6.2.
> > I was reading the HOWTOs, but I still have questions.
> > Any suggestions?
> >
> > thanks a lot
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>