Actually, most people have answered this already. I think the best thing is
to understand what a firewall is, assess your needs, and then decide.
First - a firewall is only a tool to enforce your access control. The better
the firewall, you should have a better resolution at defining what it is you
want to pass through, and what stopped. Since this only has to do with the
technology driving the firewall, all IPChains wrappers can hope for is
giving you the same amount of resolution as IPChains in standalone.
The second consideration is the ease of use and ease of configuration. Here
the wrappers can help you quite a bit if you are a novice.
Regarding the commercial products available - I know FW-1, and it has very
high capabilities (it has a finer enforcment capabilities than simply using
IPChains). The only version I worked with was 4.0, and there was no Linux
port to that version. FW-1 2000 does have a linux port, but I have never
worked with it, so I cannot testify for its UI. 4.0's GUI is a bit awkward,
so a novice has a chance of leaving something open which may otherwise have
been more secure. On the other hand, these are often rules that you need to
configure manually if working with IPChains, and may thus leave unsecured
yourself too (anti-spoofing rules are the most dominant example I can think
of in that respect).
I have never worked with the other commercial firewalls mentioned.
In short, I guess my answer can be summerized as this: In order to configure
a firewall, any firewall, you need to really understand what are the threats
you are facing, and how the firewall you are configuring is meant to help
you with defending against them. I know, to date, of no product that does
not require configuration in order to work.
I guess that the answer is - if you are talking about a personal need, study
computer security and install IPChains. If you need a firewall for a
commercial entity - study computer security and have them buy a commercial
product (probably FW-1).
Shachar
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 18, 2000 3:43 PM
Subject: firewall
> I'm finally starting to do something about security and I want to install
a
> firewall. I've looked around and there are so many programs available that
I'd
> like to hear recommendations from people who have used a firewall. Since
I'm
> using Mandrake, I looked at their site and they recommend **pmfirewall**.
> There's also a very detailed tutorial. There are also many firewalls
available
> on Tucows, but other than counting the number of cows, I don't know which
to
> choose.
>
> Any ideas?
>
> TIA
>
> file://-------------------------
> Shlomo Solomon
> E-Mail: [EMAIL PROTECTED]
> http://come.to/shlomo.solomon
> Date: 18-Oct-2000 Time: 15:38:54
>
> Message sent by XFMail on a LINUX Mandrake 7.0 machine
> file://-------------------------
>
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
>
>
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
