Greetings!

Brian Aust wrote:

> So here's my basic question:  Can anyone tell me what, exactly, FW-1 can do
> that a native Linux firewall could not?  I'm talking about using an RHAT 6.2
> box with ipchains.  I'm on a serious Linux kick here at Health Decisions,
> and have moved all of our webservers, DHCP server, DNS, etc. over to Linux.

Linux 2.2 kernel IP filters (ipchains) are not able to keep state - they are only
static IP filters. With this they are more comparable to router ACLs than to FW-1.
This will change in the new kernel 2.4 (iptables), but this software is not stable
yet.

If you can limit the traffic through the firewall to proxy(-able) traffic, a well-
designed combination of ipchains, security filters and the other firewall stuff
(alerting, VPNs etc.) will be comparable in terms of security to any other (upper
class) FW.

FW-1 is a stateful (dynamic) packet filter - plus (limited) security servers. If you
are looking for a similar gateway security for "zero" cost, maybe the (stateful)
"IPfilter" *BSD software and security proxies might be an option for you?

Bye
    vtv


Volker Tanger
Sr. Security Engineer
Global One, Global Project Engineering
http://www.res.globalone.net/
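The difference between a static filter and a stateful one described in the message above, as an added example that is not part of the original post: a simplified Python model run over a constructed packet trace. The addresses, the rule logic and the names `stateless_allow`, `StatefulFilter` and `compare` are assumptions for illustration and do not reproduce ipchains or FW-1 internals.

```python
from collections import namedtuple

# Constructed packets; flags is a string of TCP flag letters (S, A, R, F).
Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = "10.0.0."  # assumed protected network prefix

def stateless_allow(pkt):
    """Static filter: every packet is judged on its own headers."""
    if pkt.src.startswith(INSIDE):
        return True                       # inside hosts may talk out
    # Inbound: drop connection openers (SYN without ACK), pass the rest.
    return not ("S" in pkt.flags and "A" not in pkt.flags)

class StatefulFilter:
    """Simplified state table: no sequence numbers, no timeouts."""
    def __init__(self):
        self.conns = set()                # (in_ip, in_port, out_ip, out_port)

    def allow(self, pkt):
        if pkt.src.startswith(INSIDE):
            if pkt.flags == "S":          # outbound opener creates state
                self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.conns:
            return False                  # belongs to no known connection
        if "R" in pkt.flags or "F" in pkt.flags:
            self.conns.discard(key)       # simplified teardown
        return True

TRACE = [
    Packet("10.0.0.5", 40000, "192.0.2.80", 80, "S"),     # outbound open
    Packet("192.0.2.80", 80, "10.0.0.5", 40000, "SA"),    # genuine reply
    Packet("10.0.0.5", 40000, "192.0.2.80", 80, "A"),     # handshake done
    Packet("198.51.100.9", 80, "10.0.0.7", 139, "A"),     # unsolicited ACK
    Packet("198.51.100.9", 4444, "10.0.0.7", 23, "S"),    # inbound open
    Packet("192.0.2.80", 80, "10.0.0.5", 40000, "R"),     # peer resets
    Packet("192.0.2.80", 80, "10.0.0.5", 40000, "A"),     # after teardown
]

def compare(trace):
    """Return one (stateless, stateful) verdict pair per packet."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in trace]

if __name__ == "__main__":
    for pkt, (static, stateful) in zip(TRACE, compare(TRACE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"[{pkt.flags}] static={static} stateful={stateful}")
```

The two filters disagree only on the fourth and seventh packets: inbound segments with ACK set that match no live connection pass the static rule and are dropped by the state table.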