On Thu, 12 Jan 2006 14:59:54 -0500, you wrote:
On Thursday 12 January 2006 13:59, Kai Ponte wrote:
I know this is going way OT
no, no, no.... it's waaaaaaaaay OT!
First, I would disagree with using ZA as a software firewall. Actually, from all I've read/seen, a good hardware firewall is all you should need. (Provided it is configured correctly.)
[snip]

My $.02 (USD) - I didn't see anyone mention the reason I use ZA on doze boxes - it's great for catching and blocking phone-homes. "Windows media player is trying to access the internet, allow or not?" No - never. End of problem.

Honest to $DEITY, I never used to hate windows as much as I do after watching every damned application, patch, and OS update want to phone home. It's flat out disgusting. What I run on my computer is nobody's business.

And as for the 'hardware firewall' question, please tell me you're talking about a real firewall and not one of those stupid Linksys things. As I'm sure you know, that's in no way a firewall (or a router) - it's a buggy (VERY buggy, the last time I tried one) NAT layer implemented in hardware. The port forwarding and 'DMZ' features don't (or didn't) even work right.

I'm working my way thru making snort_inline work in front of a shorewall/iptables setup. THAT is a firewall. After I get that figured out I'm going to try my hand at traffic shaping.

Mike-

--
If you're not confused, you're not trying hard enough.
--
Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments,