I just wanted to ask if anyone knows of a really good firewall for UNIX that could compare to Bastille. I am very happy with Bastille and have been unable to find anything better within the past few months. I am not looking to get rid of Bastille, just looking to see what I can find. And, of course, we all know that iptables/netfilter configured to your liking is the best of all, but I am trying to see if there is a configurable one that can meet the quality of Bastille. Tell me if you find one. :)
UNIX Firewalls
-
Re: UNIX Firewalls
You might want to qualify that... as in... FREE! Cuz there are TONS of commercial firewalls that I will take over bastille or ipfilters/chains any day!
Originally posted by Infernus
> I just wanted to ask if anyone knows of a really good firewall for UNIX that could compare to Bastille. I am very happy with Bastille and have been unable to find anything better within the past few months. I am not looking to get rid of Bastille, just looking to see what I can find. And, of course, we all know that iptables/netfilter configured to your liking is the best of all, but I am trying to see if there is a configurable one that can meet the quality of Bastille. Tell me if you find one. :)
perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
-
Well... I'll pipe in and inquire about the commercial firewalls. Not everyone is in the position to evaluate commercial firewalls, let alone gain an opinion of one over another. So... to those who can, what is your favorite / most reliable? Why?
if it gets me nowhere, I'll go there proud; and I'm gonna go there free.
-
I've been using IPCop for about a month between my DSL connection and intranet and haven't had many complaints. All you need is an old computer with two NICs and the ISO image of IPCop that can be downloaded for free. Very easy setup and maintenance. I would highly recommend trying if you haven't already.
Originally posted by 0versight
> I haven't used it, but you can try IPCop, I might try it soon. I'll tell you how it goes.
-
I'm not sure exactly what you would consider to be "quality", however as far as raw packet filtering power I think you'll be hard pressed to match the world's foremost stateful packet filter, pf
Originally posted by Infernus
> And, of course, we all know that iptables/netfilter configured to your liking is the best of all, but I am trying to see if there is a configurable one that can meet the quality of Bastille.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
[ redacted ]
-
Cisco's Pix series. Good configuration, solid, and when coupled with a properly-configured dynamic network IDS, extremely effective in keeping idiots at bay.
Originally posted by converge
> Well... I'll pipe in and inquire about the commercial firewalls. Not everyone is in the position to evaluate commercial firewalls, let alone gain an opinion of one over another. So... to those who can, what is your favorite / most reliable? Why?
-
I would have to second skroo on using the Cisco pix firewalls. They are confusing though.
The penguin is watching.
"The DefCon forums dont reward knowledge, but punish iggnorance." -Noid
-
checkpoint FW-1 hands down.
however since i don't have $30k+ to drop on a personal firewall appliance (estimated cost of initial software, hardware, support contracts, features, etc), my vote goes to ipf. well supported by several unix and unix-like operating systems (*bsd, irix, solaris, qnx, etc), stateful inspection, transparent proxying (through ipnat), extensive logging features, etc. pf comes in a close second though. logging to pcap format, QoS (altq merger), etc. the only reason i prefer ipf is the portability. i'm a lazy person by nature and being able to migrate my rules script from OS to OS is nice (with the exception of network interfaces/names).