Date: Mon, 24 Jan 2000 18:08:39 -0500 (EST)
From: Brian Anderson <bunicula@rcn.com>
To: Mike Sturdee <sturdee@mikesweb.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: firewall
Message-ID: <Pine.BSF.4.21.0001241758500.3614-100000@asmodeus.diabolis.net>
In-Reply-To: <4.1.20000124161616.00971ea0@mail.mikesweb.com>
On Mon, 24 Jan 2000, Mike Sturdee wrote:

> How does FreeBSD's firewall compare to CheckPoint 1?

Depends on which firewall in FreeBSD you're talking about. I'll use ipf in my comments, since that's the one I know...

one of Firewall-1's big selling points is Stateful Inspection: When a packet comes in or out, it will check to see if it should be accepted or dropped. If it's accepted, the firewall will then open a port for the session. When the transaction is done, the port gets closed. This is obviously a much nicer thing than just leaving ports wide open.

ipf can also do stateful inspection.

    pass in on xl0 from any to any port = 25 keep state

would allow any packet from anywhere to come in to port 25. you wouldn't need to add any rules to allow your machine to reply out, since there's an implied rule allowing the return packets.

one difference is that FW-1 has a GUI config, and is more 'enterprise ready'... you can have 10 machines with the FW-1 inspection module, and one management console that stores the policy info and pushes it out to the firewalls. the gui configuration tool can also be run on another machine. It's also multi-platform, so you can configure the HP-UX firewall module, via a Solaris management unit, from a WinNT box.

another difference is that FreeBSD is at worst 100 dollars, for the powerpack book / cds and a cookie. (well, maybe no cookie) where FW-1 can get REALLY expensive. my company is getting a copy, and the package is 22K.

i have a fair amount of knowledge about both, so if you want to get into more of a discussion i can try to help out.

brian

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
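The "keep state" behaviour described in the message above, as an added Python model that is not part of the original e-mail and is not ipf's own code. The class and function names, the addresses and the packet trace are constructed for illustration, and the model assumes a default-block policy and treats the first FIN or RST as closing the session (real filters also track both FINs and timeouts).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str    # "in" or "out", relative to the firewall host
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = "A"  # TCP flags: S, A, F, R (combined, e.g. "SA")

class StatefulFilter:
    """Default-block filter with one kind of rule: pass in to port N, keep state."""

    def __init__(self, keep_state_ports):
        self.keep_state_ports = set(keep_state_ports)
        self.states = set()  # open sessions: (remote, rport, local, lport)

    @staticmethod
    def session_key(pkt):
        # Both directions of one session map to the same key.
        if pkt.direction == "in":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def check(self, pkt):
        key = self.session_key(pkt)
        if key in self.states:
            # Simplification: the first FIN or RST closes the session at once.
            if "F" in pkt.flags or "R" in pkt.flags:
                self.states.discard(key)
            return "pass"
        if pkt.direction == "in" and pkt.dport in self.keep_state_ports:
            self.states.add(key)  # the rule matched: open a state entry
            return "pass"
        return "block"  # no rule and no state entry

def run_trace():
    fw = StatefulFilter(keep_state_ports=[25])
    client, server = "198.51.100.7", "192.0.2.10"  # constructed addresses
    trace = [
        Packet("in", client, 40000, server, 25, "S"),     # new SMTP session
        Packet("out", server, 25, client, 40000, "SA"),   # reply, passed by state
        Packet("out", server, 25, "203.0.113.9", 40000),  # no state: blocked
        Packet("in", client, 40001, server, 80, "S"),     # no rule for port 80
        Packet("in", client, 40000, server, 25, "FA"),    # session closes
        Packet("out", server, 25, client, 40000, "A"),    # state gone: blocked
    ]
    return [fw.check(p) for p in trace], len(fw.states)
```

The outbound reply is passed only while the matching state entry exists, which is the "implied rule" for return packets; the same outbound packet is blocked once the session has closed.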