Linux Based Firewalls

Steven W. Orr steveo at syslang.net
Fri Nov 14 08:43:51 EST 2003


On Friday, Nov 14th 2003 at 07:46 -0500, quoth Sharpe, Richard:

=>Hi all
=> 
=>    We are attempting to find an Enterprise strength Firewall, so far
=>Smoothwall has been evaluated and we found that SuSE's Firewall on CD is not
=>sold in the US, do any of you have any favorites to recommend? I would feel
=>better hearing what this group has to say instead of sales people.

I run with a FIAIF [which stands for FIAIF Is An Intelligent Firewall].
It's at www.fiaif.net

I did extensive research on Linux based firewalls and I think I understand 
the terrain *very* well. It came down to two choices: FIAIF and shorewall.
There are a pile of GUI based firewalls out there and none of them are any 
good (from my perspective). The basic iptables interface has a pretty rich 
set of functionality and no GUI out there gives you access to the whole 
set. The alternative is for a system where you write config files. I have a 
writeup on my firewall at http://steveo.syslang.net/config/firewall.html 
but the basic gist of it is that you create one config file for the 
firewall itself, and then one more for each zone to be administered. So in 
my case at home I have two NICs: one going to the internet and one going 
to my internal LAN. I have a client with 100+ computers who also has a 
DMZ. It's very easy to understand and make modifications. Let me know if 
you have any questions.

-- 
-Time flies like the wind. Fruit flies like a banana. Stranger things have -
-happened but none stranger than this. Does your driver's license say Organ
-Donor?Black holes are where God divided by zero. Listen to me! We are all-
-individuals! What if this weren't a hypothetical question?
steveo at syslang.net


