Did you check the real good firewall
Astaro Security Linux
It is Linux based, but with their superior frontend, you dont need to understand Linux.
And it inlcudes Stateful inspection, proxies and VPN. The pwoer of FW, for a quarter
of the price
Klaus Schulze
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Ron DuFresne
> Sent: Thursday, April 26, 2001 11:46 PM
> To: Jose Nazario
> Cc: Randal, Phil; [EMAIL PROTECTED]
> Subject: RE: Linux Firewalls (WAS: Looking for...)
>
>
>
> I do not see where the linux realm is hte only sucker to this kind of
> issue, in fact, time has shown it to be something significant for the
> BIG<tm> vendors themselves.
>
> Thanks,
>
> Ron DuFresne
>
> On Thu, 26 Apr 2001, Jose Nazario wrote:
>
> > On Thu, 26 Apr 2001, Randal, Phil wrote:
> >
> > > So I would not recommend IPTables under Linux without using the latest
> > > kernels.
> >
> > this is a dangerous philosophy to get into, frankly. the Linux
> kernel has
> > a long and tired history of introducing more bugs into the
> latest, rushed
> > kernel than they fix. (i've been using Linux since kernel 1.2, i'm a bit
> > old school.) as such, you're highly likely to break something
> valuable as
> > you attempt to fix something.
> >
> > the problem stems from a development cycle that has a pace that
> cannot be
> > monitored efficiently by the people who check code for correctness and
> > security. never mind that they explicitely don't care about security.
> >
> > sometime before 2.4 went 'prime time', i thought i would get involved. i
> > spent several intense days pouring over code and mailing list
> material and
> > emerged shocked at the inconsistent quality of netfilter code. its
> > blatantly insecure in some places, and contributions pour in and get
> > checked in without much scrutiny.
> >
> > i'm no longer the young, firey man i was. i don't have the time
> to put up
> > lonely battles and attempt to change even a few peoples' minds.
> i gave up,
> > i walked away from it and back towards code i could trust (*BSD and
> > IPFilter).
> >
> > you learn a lot reading kernel code, you get to see a lot of the innards
> > of a project that way by reading comments and looking at code quality.
> >
> > i said it last night, and i'll reiterate it: remember that not
> every tool
> > is designed for the jobs it can accomplish (ie a Linux firewall). use a
> > tool designed for a purpose like that, and in doing so you may have to
> > extend your horizons.
> >
> > ____________________________
> > jose nazario
> [EMAIL PROTECTED]
> > PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
> > PGP key ID 0xFD37F4E5 (pgp.mit.edu)
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D. Just don't touch anything.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
