Re: [fw-wiz] Using linux firewalls for PCI compliant infrastructure

On Tue, Nov 24, 2009 at 14:37, Siim Põder <siim@xxxxxxxxxxxxxxx> wrote:

We are using linux-based servers as firewalls for PCI compliant
infrastructure. During audits it has been OK so far but security
people internally have suggested that maybe a commercial product would
be better suited for PCI infrastructure (as it is pretty critical).

I'm personally very happy with the iptables firewalls - we can use all
the standard components for firewalls that we use for everything else
(including standard administration methods, patching and so forth).

What do you think, would a commercial firewall provide a tangible
improvement in security?
Is anyone else using linux-based firewalls for PCI (or otherwise
sensitive) infrastructure?


Following on from a couple of other posts, you could potentially use
fwbuilder ( as a front end, and argue that
the results are equivalent to some number of commercial offerings, for
which fwbuilder makes equivalent configurations.

firewall-wizards mailing list