From: Colonel Flagg (colonel_flagg_at_NOSOUPFORJ00internetwarzone.org)
Date: Tue, 15 Jun 2004 02:53:27 -0400
In article <MPG.firstname.lastname@example.org>,
> In article <MPG.email@example.com>,
> colonel_flagg@NOSOUPFORJ00internetwarzone.org says...
> > the key word is "flexible", a cisco _anything_ cannot do _everything_ a
> > linux box can do....
> there are two problems with that statement:
there's several things wrong with your train of thought. first and
foremost, while you're running linux as a firewall, you can also run it
as an independent _anything_ box... such as a DNS machine, an smtp
server, an IDS, hell, you can use it as a workstation... you cannot do
that with ANY cisco firewalls, routers, etc.
> 1) Nothing on CISCO is easy when it comes to an untrained person
nor did i say that it was, in fact, you pretty much agreed with my
opinion about cisco.
> 2) A Linux firewall is not easy when it comes to an untrained person
and you agreed with one of my other posts in this thread with the above.
i never said linux was easy for the untrained person, in fact, i said
just the opposite.
> A firewall appliance, with all the bells and whistles, can be much
> easier and more flexible in a firewall role than a Linux box -
i agree, it can be, and it is. however, it's not overall, more flexible.
> since you
> must enable/add software for all of those Linux features you want.
again, i agree with that. with linux, you need to add just about
everything.... with FreeBSD, it's a simple kernel build.
> an appliance, a full featured one, there is not one standard
> firewall/filter feature that you can't get - not to mention that it's
> cheaper to maintain, cheaper to run, easier to configure in most cases,
> and a lot less fool-proof than a linux box.
only if you don't know how. however, i am basing my opinion on freebsd,
which is very easy for me to set up, run, maintain, update and it's
extremely cheap. free. totally free. all i need to do is go to
www.compgeeks.com, spend $50.00 to $100.00 on real hardware (or use a
system that's being replaced), which in turn, will give me more
flexibility in the home or small office LAN environment than ANY router
or firewall on the market. period. my freebsd firewall is running on a
pentium 200 machine with a 1gig harddrive and 32mb of ram. you can damn
near pick one of those up for $10.00 on ebay.
> Don't get me wrong, a nix box running a firewall is a great thing, but
> since the appliances have come forward as far as they have (not counting
> the PIX), they offer everything that most nix application firewalls
the only thing they offer is routing and firewalling (and a couple with
IDS). a *nix firewall can offer that and just about anything else you
-- 
Colonel Flagg
http://www.internetwarzone.org/
Privacy at a click: http://www.cotse.net
Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness™ as the new industry standard..."
"...I see stupid people."