Hi,

I just wonder if I can replace PIX firewall with machine having IPTable as my firewall. I want to control our firewall but due to the lack of knowledge in configuring PIX, I want to replace it with Linux or BSD. I do not have the time now to learn the complexity of PIX and yet I want to know what is happening in my firewall and control it as much as possible.

Do you think it is justifiable for me to replace it? Can you please provide me your inputs? Thank you very much.

junji
aisalen.wordpress.com
Linux Registered User #253162
CentOS User

Send instant messages to your online friends http://uk.messenger.yahoo.com

Jun Salen wrote:
> Hi,
>
> I just wonder if I can replace PIX firewall with machine having IPTable as
> my firewall. I want to control our firewall but due to the lack of knowledge
> in configuring PIX, I want to replace it with Linux or BSD. I do not have
> the time now to learn the complexity of PIX and yet I want to know what is
> happening in my firewall and control it as much as possible.
> Do you think it is justifiable for me to replace it? Can you please provide
> me your inputs? Thank you very much.

Personally I'd go with OpenBSD with pf. It's real easy to use, much more powerful than IP Tables, and, well just better. I've been running OpenBSD firewalls for a few years now, before that my favorite was FreeBSD with ipfw (before bridging was common in Linux). All of my BSD firewalls are bridging firewalls.

The most annoying thing about OpenBSD is the partitioning setup during installation. I can't believe they haven't changed it in as long as I've been using it (about 7 years now). Despite having used Linux/Unix systems for about 13 years I still get confused when I get to that screen in the installation (I don't install it very often). I've installed HPUX, AIX, Tru64, Solaris, tons of Linux distros, FreeBSD, and OpenBSD, and probably a couple others I've forgotten, and still that fdisk-type tool that OpenBSD uses is so confusing.

OpenBSD PF user guide here: http://www.openbsd.org/faq/pf/index.html

nate

> nate wrote:
>> Personally I'd go with OpenBSD with pf. It's real easy to use,
>> much more powerful than IP Tables, and, well just better.
>> I've been running OpenBSD firewalls for a few years now, before
>> that my favorite was FreeBSD with ipfw(before bridging was common
>> in linux). All of my BSD firewalls are bridging firewalls.
>>
>> The most annoying thing about OpenBSD is the partitioning setup
>> during installation....
>
> you might check out pfSense, which is a hybrid of freebsd kernel with
> the openbsd pf stuff, and a nice web gui for managing it. can run on
> very minimal hardware, booting from a tiny flashcard

Thanks Nate and John. This will surely become one of the projects of mine in the future. Again, thanks for the inputs.

junji

----- Original Message ----
From: Brent L. Bates <blbates at vigyan.com>
To: Jun Salen <nokijun at yahoo.com>
Sent: Monday, February 11, 2008 9:30:44 PM
Subject: Re: [CentOS] IPtables Possibility

> Personally, I'd use ipfilter instead of ipchains/iptables, or what ever
> they are calling it this month. It is much better software and I find it much
> easier to use and configure than the other. It is used on a wide variety of
> OS's. However, what ever you choose to use, it will still be a steep learning
> curve. You might be better off learning more about your current firewall than
> switching to something else. Since I do know how to set up ipfilter, I do
> find it difficult using the canned firewall boxes. Things I could easily do
> with ipfilter are usually a pain in the neck or they can not be done at all
> with these other boxes. I hope this is of some help.

Thanks for the advice Brent.

junji