From owner-freebsd-isp  Thu May 28 12:40:56 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA06299
          for freebsd-isp-outgoing; Thu, 28 May 1998 12:40:56 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from ovbis01.ovb.ch (ovbis01.ovb.ch [195.65.24.144])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id MAA06273
          for <isp@freebsd.org>; Thu, 28 May 1998 12:40:46 -0700 (PDT)
          (envelope-from ovb@ovb.ch)
Received: from zhwbs-e1-15.limmat.ch [194.191.121.215] 
	by ovbis01.ovb.ch with smtp (Exim 1.82 #1)
	id 0yf8Xa-0005gN-00; Thu, 28 May 1998 21:40:43 +0200
From: ovb@ovb.ch (Oliver von Bueren)
To: isp@FreeBSD.ORG
Subject: Re: Firewall software
Date: Thu, 28 May 1998 19:40:31 GMT
Organization: private
Message-ID: <3570b5e6.1286776386@mail.ovb.ch>
References: <D1C34C054DEAD111ACF700C0A850A45A58DB@gershwin.careergateway.com>
In-Reply-To: <D1C34C054DEAD111ACF700C0A850A45A58DB@gershwin.careergateway.com>
X-Mailer: Forte Agent 1.5/32.452
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id MAA06287
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 25 May 1998 18:49:24 +0800, you wrote:

>Does anyone have any recommendation for a firewall software to use on
>the FreeBSD box?
>I have been referred to Gauntlett and Checkpoint Firewall-1.  How do
>they compare?  Or would they be an overkill and instead I should use
>simply ipfw that comes with freeBSD?

I'd suggest you take a look into fwtk v1.3, this is what is in the
port collection, or take the original directly from
http://www.tis.com/, last time I checked the current version was at
2.0 something. This is the small brother of Gauntlett, without all the
mess with the configuration tools, which you don't need anyway, you
know better what you do if you do it yourself. I think it's still free
to use.

ipfw is IMHO not a firewall but a packet filter which you can use to
build kind of a firewall. You need to know if you want a maximum
security solution, the I would strongly discourage to use any software
that forwards ip packets in favor of a proxy aproach, which is what
fwtk is. 


       Cheers,
       Oliver


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message