Firewall Wizards mailing list archives

Re: Free Firewalls? Thoughts...


From: Ted Behling <ted-lists () monarchis net>
Date: Thu, 08 May 2003 13:20:38 -0400

At 02:23 AM 5/8/2003, Sean Barraclough wrote:
> What are the thoughts on some of the "free" firewalls available. Such
> firewalls as Darren Reed's IPF, or the OpenBSD PF? and the Linux offerings?
>
> Performance?
> Security?
> Fancy tricks?
>
> Just interested as to the thoughts out in the community.

I've used Linux firewalls since kernel 2.0, with IPChains and now IPTables. Their security is most heavily affected by the applications run on the firewall. Best practice is to run nothing on the firewall itself, use an external logging server, and run the OS off read-only media such as CD-R (perhaps with a floppy for config files). Some people run a Linux firewall in "halted mode," where the kernel is stopped but the network interfaces are still up. Theoretically, this allows the kernel to filter packets, but it would be unable to execute any new code if it were somehow exploited. As to performance, I've gotten several megabits per second through a Pentium Pro machine with desktop-grade NICs. I've never really benchmarked them, though, since the Internet pipes I deal with are relatively small (<= T1).

Ted Behling, Chief Penguin Surgeon
Monarch Information Systems, Inc.
tbehling () monarchis net
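
The host practices named in the reply above (nothing running on the firewall, read-only root, external logging) can be checked mechanically. The following is an added example, not part of the original post: the function names and sample inputs are constructed, and it assumes a little-endian Linux host and classic `syslog.conf` `@host` forwarding syntax.

```python
# Added example; names and sample data are constructed, not from the post.
import socket
import struct

def listening_sockets(proc_net_tcp):
    """(ip, port) of each LISTEN (state 0A) socket in /proc/net/tcp text.
    Assumes a little-endian host (x86), where 127.0.0.1 appears as 0100007F."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:          # skip header row
        f = line.split()
        if len(f) > 3 and f[3] == "0A":
            hex_ip, hex_port = f[1].split(":")
            ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
            found.append((ip, int(hex_port, 16)))
    return found

def root_is_read_only(proc_mounts):
    """True if the last /proc/mounts entry for / has the 'ro' option."""
    opts = [f[3] for f in map(str.split, proc_mounts.splitlines())
            if len(f) > 3 and f[1] == "/"]
    return bool(opts) and "ro" in opts[-1].split(",")

def remote_log_targets(syslog_conf):
    """Hosts named by classic syslog.conf '@host' forwarding actions."""
    hosts = []
    for line in syslog_conf.splitlines():
        parts = line.split("#", 1)[0].split()           # drop comments
        if len(parts) >= 2 and parts[-1].startswith("@"):
            hosts.append(parts[-1].lstrip("@"))
    return hosts

def audit(tcp, mounts, syslog):
    """List every deviation from the three practices; empty means clean."""
    out = [f"listening on {ip}:{port}" for ip, port in listening_sockets(tcp)]
    if not root_is_read_only(mounts):
        out.append("root filesystem is read-write")
    if not remote_log_targets(syslog):
        out.append("no remote syslog target")
    return out

# Constructed sample inputs: sshd listening, rw root, local-only logging.
SAMPLE_TCP = ("  sl  local_address rem_address   st\n"
              "   0: 00000000:0016 00000000:0000 0A\n"
              "   1: 0100007F:0CEA 0100007F:0019 01\n")
SAMPLE_MOUNTS = "rootfs / rootfs rw 0 0\n/dev/hda1 / ext2 rw,noatime 0 0\n"
SAMPLE_SYSLOG = "# local only\n*.info /var/log/messages\n"

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_TCP, SAMPLE_MOUNTS, SAMPLE_SYSLOG)))
```

On a live host, pass the contents of `/proc/net/tcp`, `/proc/mounts` and the syslog configuration file to `audit()`; UDP and IPv6 listeners live in separate `/proc/net` files and are not covered here.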
