-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ���� ���, 28 �������� 2002, 00:16, Hetz Ben-Hamo ��� �� 'big question: FW-1 VS. Linux security tools': > As it stands today - can Linux be considered to be FW-1 replacement? how > much Linux tools (iptables, etc) can do and what can't they do compared to > Checkpoint's FW-1? (and I'm not talking about the GUI)
If you are not talking about the GUI, then by all means yes. Linux has been up-to-par with FW-1 ever since NetFilter came out with its stateful inspection methods. The Linux kernel now offers connection tracking, rate limiting, advanced routing, QoS and other neat features. configuring it to behave is still a bitch though - that what all those "firewall programs" out there try to do - offer easier configuration by autogenerating rules. none come close to the FW-1 GUI. While not being exactly a newbie compatible tool, the FW-1 GUI firewall builder provides very clear and easy ways to build a decent firewall w/o being a network security expert. > I'm NOT talking about VPN or extras like that. (btw - there's a rumor that > there's a Linux VPN client beta from Checkpoint - anyone knows where/how to > get it or buy it?) I've seen it a long time ago and it died a horrible death. I'm not aware of any resurrections as yet, but I'm not really following. - -- Oded ::.. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9vMjzkltamOf8EzsRAnnaAJ9CPxmDC9GPpkNnocF0oRnHI0AZRwCg4Jaa yHgh6+Z+c2awcdQET4Dm+TM= =wl4v -----END PGP SIGNATURE----- ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
