Re: Smooth wall - more detailed
- To: Linux-IL mailing list <linux-il(at-nospam)linux.org.il>
- Subject: Re: Smooth wall - more detailed
- From: Eli Marmor <marmor(at-nospam)netmask.it>
- Date: Thu, 30 Aug 2001 08:37:53 +0300
- Delivered-To: linux.org.il-linux-il@linux.org.il
- Organization: Netmask (El-Mar) Internet Technologies
- References: <Pine.GSO.4.33_heb2.09.0108300807360.12775-100000@techunix.technion.ac.il>
- Sender: root(at-nospam)main.aquanet.co.il
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
Thanks, Tzafrir.
> OTOH you have 'firewall' versions of Mandrake and SuSE. I think that both
> allow you 2.2 and 2.4. The Mandrake one is GPL. From a number of reviews
> I read about it, it can be nice if you want to setup a small gateway
> (those reviews also meant: don't expect much more)
As far as I know, the "firewall" version of Mandrake is only 2.2, so there
is no iptables/stateful-inspection support. In addition, no support for DMZ
(I'm not sure).
I don't know details about SuSE's offering.
In any case, there is a major drawback for both:
Contrary to special "hardened" distros (such as Smoothwall and Astaro),
SuSE and Mandrake may be easier to break into.
In addition, most of the "firewall-dedicated" distros are read-only (i.e.
they come on a bootable CD, or are downloaded and burned on a CDR, while
their configuration resides on a floppy that is usually write-protected and
is enabled for writing only during re-configurations).
I don't believe that this is the case with Mandrake/SuSE, so they don't
make them really "running for their money".
A mid-summary: To make things easier, let me summarize the criteria for a
Linux firewall to be ideal:
* free (where Astaro is inferior)
* based on a distro dedicated for being a firewall (where Mdk and SuSE
are inferior), preferably read-only (except for the configuration,
which is writable only when needed, and an optional logging)
* 2.4.* based (i.e. support for iptables/netfilter/stateful-inspection)
* GUI (where most of the mini-distros are inferior)
* support all the important features (it may surprise some of you, but
some "firewall" packages don't support more than 2 interfaces, i.e. no
support for DMZ!)
Among those 5 points, most of the "competitors" meet 4, but none meets
all the 5, as far as I know (nobody is perfect...).
--
Eli Marmor
marmor@netmask.it
CTO, Founder
Netmask (El-Mar) Internet Technologies Ltd.
__________________________________________________________
Tel.: +972-9-766-1020 8 Yad-Harutzim St.
Fax.: +972-9-766-1314 P.O.B. 7004
Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel