Greetings!

Brian Aust wrote:
> So here's my basic question: Can anyone tell me what, exactly, FW-1 can do
> that a native Linux firewall could not? I'm talking about using an RHAT 6.2
> box with ipchains. I'm on a serious Linux kick here at Health Decisions,
> and have moved all of our webservers, DHCP server, DNS, etc. over to Linux.

Linux 2.2 kernel IP filters (ipchains) are not able to keep state - they are only static IP filters. With this they are more comparable to router ACLs than to FW-1. This will change in the new kernel 2.4 (iptables), but this software is not stable yet.

If you can limit the traffic through the firewall to proxy(-able) traffic, a well-designed combination of ipchains, security filters and the other firewall stuff (alerting, VPNs etc.) will be comparable in terms of security to any other (upper class) FW.

FW-1 is a stateful (dynamic) packet filter - plus (limited) security servers.

If you are looking for a similar gateway security for "zero" cost, maybe the (stateful) "IPfilter" *BSD software and security proxies might be an option for you?

Bye

vtv
Volker Tanger
Sr. Security Engineer
Global One, Global Project Engineering
http://www.res.globalone.net/
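The static-versus-stateful distinction drawn in the message above, as an added example that is not part of the original e-mail: a simplified Python model compares a per-packet rule set with a filter that keeps a connection table. The packet fields, addresses, ports and rule logic are constructed for illustration and are not ipchains or FW-1 code.

```python
from collections import namedtuple

# Constructed packet model: only the header fields a static filter can see.
Packet = namedtuple("Packet", "src sport dst dport syn ack")

LAN_HOST = "10.0.0.5"   # constructed internal client
WEB = "192.0.2.80"      # constructed external web server

def static_filter(pkt, inbound):
    """Stateless rule set (router-ACL style): each packet is judged alone."""
    if not inbound:
        return pkt.dport == 80                  # LAN may browse the web
    # "Replies": from port 80 to a high port, anything but a bare SYN.
    return pkt.sport == 80 and pkt.dport >= 1024 and not (pkt.syn and not pkt.ack)

class StatefulFilter:
    """Dynamic filter: inbound packets must match a connection opened from inside."""
    def __init__(self):
        self.conns = set()                      # the state table

    def check(self, pkt, inbound):
        if not inbound:
            if pkt.dport != 80:
                return False
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.syn and not pkt.ack:         # new outbound connection
                self.conns.add(key)
            return key in self.conns
        # Inbound: reverse the tuple and look it up in the state table.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns

def compare():
    """Return {packet name: (static verdict, stateful verdict)}."""
    fw = StatefulFilter()
    syn = Packet(LAN_HOST, 40000, WEB, 80, syn=True, ack=False)
    reply = Packet(WEB, 80, LAN_HOST, 40000, syn=True, ack=True)
    # Unsolicited: plausible ports and ACK flag, but no connection behind it.
    stray = Packet("198.51.100.9", 80, LAN_HOST, 6000, syn=False, ack=True)
    cases = [("syn", syn, False), ("reply", reply, True), ("stray", stray, True)]
    return {name: (static_filter(p, inb), fw.check(p, inb)) for name, p, inb in cases}

if __name__ == "__main__":
    for name, (static, stateful) in compare().items():
        print(f"{name:6} static={static!s:5} stateful={stateful}")
```

Both filters pass the legitimate request and reply; only the stateful one drops the unsolicited packet, because the static rule can judge nothing beyond the header fields of that single packet.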