Re: [fw-wiz] insecurity in internet connection thro cable modems

From: Dave Mitchell (
Date: 02/14/03

    From: Dave Mitchell <>
    To: "Perrymon, Josh L." <>
    Date: Fri, 14 Feb 2003 14:03:11 -0700

    For normal users I'd recommend some sort of appliance filter or firewall. More than
    likely, natting a home network behind a Linksys SOHO router would be sufficient. If you
    want to do VPNing and whatnot, I think a Netscreen 5 would be the best for the home
    firewall. Putting in PIX 501s at someone's home would be insane. If you have to administer
    it, a small Netscreen is much easier than dealing with PIX.


    On Fri, Feb 14, 2003 at 10:42:16AM -0600, Perrymon, Josh L. wrote:
    > Yeah... I ( Security Professional ) would implement IPChains or a PIX @
    > home...
    > But don't you think Linux is completely out of the question for a regular
    > end user?????
    > I'm looking for an application based firewall for my VPN users..
    > So far ZONE ALARM is my choice.. I just wished I could integrate it with
    > the PIX VPN client like the concentrator can.
    > Any Ideas??
    > -JP
    > -----Original Message-----
    > From: Chapman, Justin T []
    > Sent: Friday, February 07, 2003 11:29 AM
    > To: ' '
    > Subject: RE: [fw-wiz] insecurity in internet connection thro cable
    > modems
    > >
    > >ipchains is old ( for the previous Linux Kernel 2.2 ), iptables
    > > would be a better choice.
    > Agreed. If it's an option at all, choose iptables over ipchains. It's more
    > flexible and it's a stateful packet filter, which makes for a "smarter"
    > firewall. IPtables (and ipchains for that matter) can be a bit intimidating
    > to work with, especially if you're new to the syntax. If you're going to
    > "roll your own" firewall, I would suggest searching Google/
    > for "iptables generator". There are plenty of scripts/web frontends/guis
    > that make creating simple "consumer-grade" firewalls a snap. One that I
    > particularly like is a cgi-based one at:
    > Good luck!
    > --justin
    > _______________________________________________
    > firewall-wizards mailing list

    Dave Mitchell
    Network Engineer, ViaWest
    (720) 891-1045
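
The stateful filtering mentioned in the quoted reply, as an added example that is not part of the original thread and is not one of the generators the posters refer to: a shell function that emits an `iptables-restore` ruleset for a NAT'd home gateway. The function name, interface names and LAN subnet are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: a tiny "iptables generator" for a home NAT gateway.
# gen_home_fw, eth0/eth1 and 192.168.1.0/24 are constructed sample names/values.
gen_home_fw() {
    wan_if=$1; lan_if=$2; lan_net=$3
    # Reject empty or unexpected characters so arguments cannot alter the ruleset.
    for arg in "$wan_if" "$lan_if"; do
        case $arg in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: '$arg'" >&2; return 1 ;;
        esac
    done
    case $lan_net in
        ''|*[!0-9./]*) echo "bad LAN subnet: '$lan_net'" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Hide the LAN behind the WAN address (the "natting" a SOHO router does).
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
# Default deny for traffic to and through the gateway.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Stateful part: replies to tracked connections pass, everything else
# arriving from the WAN falls through to the DROP policy.
# (-m conntrack --ctstate is the current form of the older -m state --state.)
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the LAN side may open new connections outward.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
# Syntax-check without loading (requires root and iptables installed):
#   gen_home_fw eth0 eth1 192.168.1.0/24 | iptables-restore --test
```

No rule accepts new connections arriving on the WAN interface, so unsolicited inbound traffic is dropped by policy while return traffic for LAN-initiated sessions is matched by connection state.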