I'm preferential to Shorewall. I dunno how it compares to m0n0 or IPCop though. But with all the exploits in IOS lately, I would not blame you for dropping the Cisco gear. Even if they are mad expensive.
Last edited by linux.llama; 10-15-2005 at 05:44 PM.
I'd recommend you read as many tutorials on IPTables as you can and, when confident, build the firewall/router from scratch. It's the only way to make the firewall/router exactly as you want it. Plus, you will be able to troubleshoot it in case of glitches. Then make a script to add the rules after every reboot.
No, you are not nuts. In fact, we've had fewer problems administering and managing Linux iptables firewalls. Nothing against Cisco, but we've had several PIX firewalls fail on us, hardware or otherwise. There's nothing wrong with using a Linux iptables firewall; in fact, they are all over the place in enterprise environments.
Cisco is a hardware-based firewall, which is more robust and used especially in high-traffic network environments, whereas using Linux as a router is a software-based solution. If your network has significantly less traffic, then it is more effective and less costly to embrace Linux.
That brings up a good point. Even though there are software and hardware firewalls, you have to use those terms loosely, because the hardware firewall has to have software, i.e. firmware. And since iptables is on the kernel level, isn't a Linux firewall pretty close to a hardware firewall?
I'm just curious. Because the kernel administers the rules before it even reaches the user space, right?