What is everyone using for a firewall? I'm currently using www.astaro.com but their recent releases have soured me on ASL as a practical solution on my hardware (1.2MHz Athlon, 30G, and 256M). I only have 4 computers going through the firewall wall but it's consistently at 50% cpu load. There is very little network traffic (<10k bits per second on the wan connection, < 40k bits per second between other internal lans (I have 4 internal lans and a wan)) Basically I'm using it for: packet filtering, masq, port forwarding, IDS, dns proxy (only if my internal DNS servers have failed) smtp proxy smtp virus protection smtp spam protection http proxy (caching) http virus protection http url monitoring (via Cobain) the firewall also monitors a bunch of statistics, etc. I'm looking for something that is installed, configured and runs. I don't want to be tweaking this parameter of postfix, that parameter of the smtp virus protection, etc. I want something that just works that I don't need to play with except for new rules, etc. I'll pay a reasonable price for a package that I can test to verify suitable performance (I'm not a commercial operation, this is just for my toys). At the moment, I'm looking at Gibraltar. But the community seems small. I haven't downloaded it yet but I'm considering it an option for this round of firewall evaluation. Any other suggestions for inclusion? BTW, anything like smoothwall that allows wide open outbound connections and doesn't support a box with 5 network cards off the CD is not a viable candidate. Thanks much all, .dn
I have been following the m0n0wall mailinglist for a few weeks now. Looks like a very nice piece of work. I don't believe it has AV or IDS built in. You might look at a gateway "appliance" for some of the extra tasks and leave the firewall to being a firewall. Might switch to it from freesco. ref. www.m0n0.ch www.freesco.org -----Original Message----- From: centos-admin at caosity.org [mailto:centos-admin at caosity.org]On Behalf Of donavan nelson Sent: Tuesday, September 07, 2004 12:52 PM To: centos at caosity.org Subject: [Centos] OT: firewalls What is everyone using for a firewall? I'm currently using www.astaro.com but their recent releases have soured me on ASL as a practical solution on my hardware (1.2MHz Athlon, 30G, and 256M). I only have 4 computers going through the firewall wall but it's consistently at 50% cpu load. There is very little network traffic (<10k bits per second on the wan connection, < 40k bits per second between other internal lans (I have 4 internal lans and a wan)) Basically I'm using it for: packet filtering, masq, port forwarding, IDS, dns proxy (only if my internal DNS servers have failed) smtp proxy smtp virus protection smtp spam protection http proxy (caching) http virus protection http url monitoring (via Cobain) the firewall also monitors a bunch of statistics, etc. I'm looking for something that is installed, configured and runs. I don't want to be tweaking this parameter of postfix, that parameter of the smtp virus protection, etc. I want something that just works that I don't need to play with except for new rules, etc. I'll pay a reasonable price for a package that I can test to verify suitable performance (I'm not a commercial operation, this is just for my toys). At the moment, I'm looking at Gibraltar. But the community seems small. I haven't downloaded it yet but I'm considering it an option for this round of firewall evaluation. Any other suggestions for inclusion? BTW, anything like smoothwall that allows wide open outbound connections and doesn't support a box with 5 network cards off the CD is not a viable candidate. Thanks much all, .dn _______________________________________________ CentOS mailing list CentOS at caosity.org http://www.caosity.org/mailman/listinfo/centos -------------- next part -------------- A non-text attachment was scrubbed... Name: License.URL Type: application/octet-stream Size: 60 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20040907/e5442d4b/attachment-0003.obj>
I use Astaro version 4/5. I am reverted back to V4 as V5 is still a beta release as far as i am concerned. V5 is a RAM pig..you can get your licenses reverted back to v4(if you did not archive your license file) and that is what i would do..:) I have also deployed smoothwall at a client's location and it is very quick..of course it is only a firewall/proxy and does not do a/v or spam protection. The community around smoothie is quite active and there are tons of add-ons for it. William donavan nelson wrote:> What is everyone using for a firewall? > > I'm currently using www.astaro.com but their recent releases have soured > me on ASL as a practical solution on my hardware (1.2MHz Athlon, 30G, > and 256M). I only have 4 computers going through the firewall wall but > it's consistently at 50% cpu load. There is very little network traffic > (<10k bits per second on the wan connection, < 40k bits per second > between other internal lans (I have 4 internal lans and a wan)) > > Basically I'm using it for: > > packet filtering, > masq, > port forwarding, > IDS, > dns proxy (only if my internal DNS servers have failed) > smtp proxy > smtp virus protection > smtp spam protection > http proxy (caching) > http virus protection > http url monitoring (via Cobain) > the firewall also monitors a bunch of statistics, etc. > > I'm looking for something that is installed, configured and runs. I > don't want to be tweaking this parameter of postfix, that parameter of > the smtp virus protection, etc. I want something that just works that I > don't need to play with except for new rules, etc. > > I'll pay a reasonable price for a package that I can test to verify > suitable performance (I'm not a commercial operation, this is just for > my toys). > > At the moment, I'm looking at Gibraltar. But the community seems > small. I haven't downloaded it yet but I'm considering it an option for > this round of firewall evaluation. Any other suggestions for inclusion? > > BTW, anything like smoothwall that allows wide open outbound connections > and doesn't support a box with 5 network cards off the CD is not a > viable candidate. > > Thanks much all, > > .dn > _______________________________________________ > CentOS mailing list > CentOS at caosity.org > http://www.caosity.org/mailman/listinfo/centos >-- My "Foundation" verse: Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD. -- carpe ductum -- "Grab the tape"
On Tue, 07 Sep 2004 11:52:28 -0500, donavan nelson <donavan at 4wx.net> wrote:> What is everyone using for a firewall?I doubt this will satisfy your needs, but I've been very happy with floppyfw: http://www.zelow.no/floppyfw/ We have been using it for our clusters and labs for years. -- Tim Mattox - tmattox at gmail.com - http://homepage.mac.com/tmattox/