Re: [fw-wiz] Open Source Personal Firewall?

From: Breno Jacinto (breno_at_gamebox.net)
Date: 12/14/03

  • Next message: R. DuFresne: "RE: [fw-wiz] Firewalls v. Router ACLs"
    To: Charles Swiger <cswiger@mac.com>
    Date: Sat, 13 Dec 2003 22:36:47 -0300
    
    

    * Charles Swiger (cswiger@mac.com) wrote:
    > Googling for "firewall open source" should produce significant numbers
    > of relevant examples. You haven't mentioned what capabilities this
    > firewall should have, although anything reasonable will have a baseline
    > of simple packet filtering, stateful packet filtering, NAT, and some
    > combination or subset of DHCP/zeroconf/uPnP for internal hosts. (1)
    >
    > Are you looking for an appliance, or are you looking to install OSS
    > software onto an existing machine (presumably commodity Intel
    > hardware)? If the latter, you could start with OpenBSD or a hardened
    > flavor of Linux (Bastille?), or PicoBSD (look up Luigi Rizzo, the
    > author of IPFW).

      Just to avoid confusion: by personal firewalls I mean software
      like ZoneAlarm. It's limited (simple packet filtering) compared to real ones (OpenBSD, Linux
      etc.), but supposedly more usable.

      I was looking for an OSS equivalent of ZoneAlarm, BlackICE and the
      like. I know many 'real' firewalls - in-kernel, customized OSes -
      which are OSS, like the ones you mentioned. But they're not 'usable' without an
      expert (or maybe NO firewall can be of good use without an expert
      setting it up). The trade-off between usability and security is cruel.
    >
    > If grandma already has a Linksys multiport broadband router, using the
    > bundled firewall is likely to be an easier solution than adding another
    > device, particularly if grandma doesn't really understand what a
    > network is and would like someone else to plug in all of the cables for
    > her. :-)

      Oh yes :) But that's too ideal a situation. Almost no users make use of firewalls, and
      most have no idea that 135 is open etc...

      That's why PF can come in handy. Like a 'minimum' security for the
      everyday user. Well, considering the user knows what he is doing...
    >
    >
    > 1: And it's been the latter which has tended to result in bugs with
    > most firewalls, another example of the classic tradeoff between
    > ease-of-use and security...
    >

      Yes, and the question remains: if we need an expert to set up a
      'Personal Firewall', because otherwise the user will not be able to set
      a decent policy, is there any reason not to use a cheap machine in
      front of the PCs running OpenBSD/Linux doing NAT (..) rather than
      software (ZoneAlarm) running on the host itself?

    cheers,

    // Breno Jacinto
    // breno@freeunix.com.br
    // Key fingerprint = A5C3 3B22 140D C973 6AC6 2D62 2318 B8FA 15F9 D3FC
    // Never be afraid to try something new. Remember, amateurs built the
    // ark; professionals built the Titanic. -- Anonymous

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

