Security Basics mailing list archives

Re: Suggestions Needed


From: Chris Travers <chris () travelamericas com>
Date: Fri, 28 Feb 2003 06:47:03 -0800

Hi all;

Personally, I do prefer netfilter on Linux to ipfilter on FreeBSD. This is strictly a matter of preference. Here are the benefits I see of BSD or Linux... Both are stateful and relatively full-featured, but they are different.

FreeBSD/IPFilter: Simpler, shorter rule sets. In security, it is important to simplify one's logic and IPFilter is very good at that.

Linux/Netfilter: Netfilter allows you to subdivide your handling of the packets, allowing greater separation of NAT and firewall function, and also greater defense in depth. While it is more complicated, it is more extensible and there are many patches for specific functionality (such as matching a string; you could match port 80 and string NNNNNNNNNNNNNNNNNNNNNNNNN and log it as "Code_Red_I", for example, if you wanted).

When I switched from IPChains to IPTables/Netfilter, I found it a little disorienting. However, now that I am used to it, I am finding it very powerful. I recommend running it on any bastion Linux host.

Best Wishes,
Chris Travers

theog wrote:

Actually, I am quite amazed no one mentioned iptables on Linux
(http://netfilter.samba.org), that's what I use and recommend you to use...
you can install squid (proxy) and openvpn\freeswan on another machine (if
you have it) or on the same machine.
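As an added example (not code from Chris's post or from the netfilter project), here is a small netfilter rule set that keeps address translation in the nat table and all accept/drop decisions in the filter table, as the post describes, and logs port 80 traffic carrying the run of "N" bytes the post uses as a Code Red signature. The interface names and addresses are assumptions, and the rule uses the string match that is built into modern kernels (xt_string) rather than the patch of the post's era.

```shell
#!/bin/sh
WAN=eth0          # assumed: Internet-facing interface
LAN=eth1          # assumed: internal interface
WEB=192.168.1.10  # assumed: internal web server reached via DNAT
SIG=NNNNNNNNNNNNNNNNNNNNNNNNN   # the 25-byte pattern quoted in the post

# Emit the rule set one command per line so it can be reviewed before it
# is applied. NAT rules only rewrite addresses; policy lives in the filter
# table, so a change to one does not silently alter the other.
firewall_rules() {
    cat <<EOF
iptables -t nat -F
iptables -t filter -F
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT ACCEPT
# nat table: translation only, no accept/drop decisions here
iptables -t nat -A PREROUTING -i $WAN -p tcp --dport 80 -j DNAT --to-destination $WEB:80
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
# filter table: stateful policy, evaluated after the DNAT above
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -i $LAN -p tcp --dport 22 -j ACCEPT
iptables -t filter -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LOG is non-terminating: the packet is tagged, then falls through to ACCEPT
iptables -t filter -A FORWARD -i $WAN -o $LAN -p tcp -d $WEB --dport 80 -m string --algo bm --string "$SIG" -j LOG --log-prefix "Code_Red_I "
iptables -t filter -A FORWARD -i $WAN -o $LAN -p tcp -d $WEB --dport 80 -j ACCEPT
iptables -t filter -A FORWARD -i $LAN -o $WAN -j ACCEPT
EOF
}

# Sanity check used before applying: exactly one rule must log the signature.
code_red_log_rules() {
    firewall_rules | grep -c -- '--string "'"$SIG"'" -j LOG'
}

rules_review() { firewall_rules; }
rules_apply()  { firewall_rules | sh -e; }   # needs root and iptables

case "${1:-review}" in
    apply) rules_apply ;;
    *)     rules_review ;;
esac
```

Run it with no argument to print the rules, and with `apply` (as root) to load them.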




