Date: Thu, 4 Oct 2001 10:56:15 -0600 (MDT) From: "Forrest W. Christian" <forrestc@imach.com> To: "Drew J. Weaver" <drew.weaver@thenap.com> Cc: "'freebsd-isp@FreeBSD.ORG'" <freebsd-isp@FreeBSD.ORG> Subject: Re: firewall question Message-ID: <Pine.BSF.4.21.0110041050450.24408-100000@workhorse.iMach.com> In-Reply-To: <B1A7D9973EBED3119ADD009027DC86492B15DD@mailman.thenap.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 4 Oct 2001, Drew J. Weaver wrote: > is a freebsd firewall as good as a "hardware" solution such as watchguard > fireboxes or Cisco products? Depends. Some of the "hardware" solutions are actually freebsd or similar with a gui front end taked on them. I can't actually point at any product and say they are/aren't any more secure than any others. Personally, I find most gui-configured firewalls to be scary in that they tend to be black boxes you aren't quite sure what they are doing. I highly recommend cisco IOS with FW feature set which can be added to any cisco router, with the caveat that you need to know IOS to configure the thing. That said, for most people, almost anything which runs NAT and which you don't open up any holes in is probably good enough security. Personally, I recommend a FreeBSD box with nat running and some filters to filter bogus addresses (such as ones appearing to come from you coming from the outside) at the border. About the only thing some of the commercial boxes provide that FreeBSD doesn't is in-path virus and/or java filtering and sometimes caching or monitoring of internet usage. - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/ Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 ---------------------------------------------------------------------- Protect your personal freedoms - visit http://www.lp.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0110041050450.24408-100000>