Date:      Thu, 24 Apr 1997 18:22:52 +0200 (MET DST)
From:      Mikael Karpberg <karpen@ocean.campus.luth.se>
To:        mike@sentex.net (Mike Tancsa)
Cc:        freebsd-isp@freebsd.org, security@freebsd.org
Subject:   Re: Commercial vs built in firewall capabilities of FreeBSD
Message-ID:  <199704241622.SAA16227@ocean.campus.luth.se>
In-Reply-To: <3.0.1.32.19970424111952.00a1f1e0@sentex.net> from Mike Tancsa at "Apr 24, 97 11:19:52 am"

According to Mike Tancsa:
> 
> After looking around a lot of the firewall sites and browsing through the
> firewall list archives, I am still not entirely clear what a commercial
> firewall costing $10K U.S. would give me over the basic firewalling
> capabilities in FreeBSD combined with sshd, NAT, proxy servers and or SOCKS
> v5...  Although VPN would be a very nice feature to have to link up remote
> offices, if this is not necessary, should we recommend to the client to go
> out and spend $10K on a commercial firewall solution as opposed to a
> FreeBSD box ?

How's "Firewall1"'s ability to analyze the traffic and such, for
example? Like, it can let outgoing UDP go out, and answers to it come
back, but nothing else. And it will look into FTP packets and snoop your
connections for port setups, and let that port connect, when it comes.
Thereby, ftp, archie, or anything else which has problems with firewalls
will work as expected. And... you can make it filter out the ActiveX
components of web pages, etc. Plus: You get a real easy to set up, GUI
configuration thing, which will by pure easy-to-use factor make your firewall
safer, since you won't forget anything so easily.

Sure, you can do that with FreeBSD. Just use divert sockets, and write a
program to handle it. Problem is, you'll spend quite a lot of money in
developing the same functions.

You DO get something for your money, you really do. I'm all for FreeBSD as
a firewall, and anything else, basically. However, it's all about what your
budget is. If they have the money, I think it's probably worth it.

  /Mikael
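
The two behaviours described in the message above (UDP replies allowed back only for flows that went out, and FTP control-channel snooping that opens the announced data port) can be sketched as a small state table. This is an added example, not part of the original e-mail and not code from any firewall product; the class and method names are hypothetical, the addresses are constructed, and it assumes active-mode FTP with no NAT between client and firewall.

```python
import re
import time

# Active-mode FTP: the client announces "PORT h1,h2,h3,h4,p1,p2" on the control channel.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$",
                     re.IGNORECASE)

class StateTable:
    """Default-deny inbound filter driven by what was seen going out (hypothetical sketch)."""

    def __init__(self, udp_ttl=30.0, ftp_ttl=60.0, clock=time.monotonic):
        self.udp_ttl, self.ftp_ttl, self.clock = udp_ttl, ftp_ttl, clock
        self.udp = {}       # (inside_ip, inside_port, outside_ip, outside_port) -> expiry
        self.pinholes = {}  # (server_ip, client_ip, client_port) -> expiry

    def outbound_udp(self, src, sport, dst, dport):
        # Remember the flow so that only the matching reply is let back in.
        self.udp[(src, sport, dst, dport)] = self.clock() + self.udp_ttl

    def inbound_udp(self, src, sport, dst, dport):
        # A reply must mirror a recorded outbound flow exactly and arrive in time.
        expiry = self.udp.get((dst, dport, src, sport))
        return expiry is not None and self.clock() < expiry

    def outbound_ftp_control(self, client, server, payload):
        # Snoop one control-channel line; open a pinhole only for a sane PORT command.
        m = PORT_RE.match(payload)
        if not m:
            return False
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return False
        ip = ".".join(map(str, nums[:4]))
        port = nums[4] * 256 + nums[5]
        # Refuse pinholes aimed at another host or at a privileged port.
        if ip != client or port < 1024:
            return False
        self.pinholes[(server, client, port)] = self.clock() + self.ftp_ttl
        return True

    def inbound_tcp_syn(self, src, dst, dport):
        # One-shot: the first matching connection consumes the pinhole.
        expiry = self.pinholes.pop((src, dst, dport), None)
        return expiry is not None and self.clock() < expiry
```

On FreeBSD the four methods would be fed from packets read off a divert socket; the table logic itself is independent of how the packets arrive.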


