Mailinglist Archive: opensuse-security (520 mails)

Re: [suse-security] TIS FWTK
  • From: Oliver Hensel <oliver.hensel@xxxxxxx>
  • Date: Sat, 9 Dec 2000 01:05:28 +0100 (CET)
  • Message-id: <Pine.LNX.4.21.0012090103270.32343-100000@xxxxxxxxxxxxxxxxxxxxxxxxx>
On Fri, 8 Dec 2000 jjohnson@xxxxxxxxxxxxxxxxxxxx wrote:

> You fail to see my point.

No, you do :-) let's talk about different things forth and back.
I know what you mean, I don't like graphical frontends for ipchains
myself.

Greetings
olli

>
> PMfirewall is just a gui frontend to ipchains. And to get the terminology straight.
> - see http://freshmeat.net/projects/pmfirewall/?highlight=pmfirewall
>
> " PMFirewall is an Ipchains Firewall and Masquerading Configuration Utility for Linux. It is designed to allow a beginner to build a custom firewall with little or no ipchains experience. This firewall should work for most Workstations, Servers, and Dual NIC routers using either a dialup, DSL, Cable, or LAN setup. It is restrictive to outside attacks while still being as transparent as possible to those inside. "
>
>
> bleh
>
> -miah
>
> On Sat, Dec 09, 2000 at 12:48:59AM +0100, Oliver Hensel wrote:
> > Hi
> >
> > On Fri, 8 Dec 2000 jjohnson@xxxxxxxxxxxxxxxxxxxx wrote:
> >
> > > And if you read the list, you will realize that I was referencing
> > > PMfirewall. Which is a frontend to ipchains.
> >
> > True, but IPCHAINS is *not* (just like PMfirewall, SINUS, gfcc, and all
> > those other front ends) an alternative to FWTK or any other proxy-based
> > and/or stateful firewall. IPCHAINS can perfectly act as part of a complete
> > firewall solution, but many other routers (every "enterprise" strength
> > router) have a built-in packet filter with much higher performance and more
> > reliability (no moving parts!).
> >
> > My posting was not only directed at your suggestion, in fact I agree with
> > you pretty much. I just wanted to point out that IPCHAINS has not at all
> > the functionality you get from proxy servers.
> >
> > Greetings
> > olli
> >
> > >
> > > Thanks
> > > -miah
> > >
> > > On Sat, Dec 09, 2000 at 12:07:25AM +0100, Oliver Hensel wrote:
> > > > Hi.
> > > >
> > > > On Fri, 8 Dec 2000 jjohnson@xxxxxxxxxxxxxxxxxxxx wrote:
> > > >
> > > > > If you are going to take the time to use the built in firewalling code
> > > > > > in linux why would you use a frontend to the program to modify the
> > > > > rules? Ipchains is *easy* to use.
> > > > >
> > > > > -miah
> > > >
> > > > Yes, but TIS FWTK (and its commercial successor Gauntlet) and Linux
> > > > IPFWADM/IPCHAINS/NetFilter are fundamentally different things:
> > > >
> > > > FWTK provides proxy servers (nothing passes the firewall without being
> > > > checked on layer 5/6/7), so you could filter based on content and whatnot
> > > > (don't know if FWTK itself does that, due to availability of better proxy
> > > > servers like dnsserver, smtpd, squid etc I didn't bother to look at it in
> > > > depth)
> > > >
> > > > Linux IPFWADM/IPCHAINS/NetFilter is only a packet filter, checking on
> > > > layer 3/4 (IP/TCP/UDP/ICMP). Add to that that the former two (under Linux
> > > > 2.0/2.2) only have static checking available, whereas the much better
> > > > NetFilter code with dynamic (stateful) inspection is not yet ready for
> > > > prime time, since it's based on a developmental kernel which is not
> > > > recommendable for something as sensitive as a firewall.
> > > >
> > > > Hope that clears up some (mis-)conceptions.
> > > >
> > > > Greetings
> > > > olli
> > > >
> > > > >
> > > > > On Fri, Dec 08, 2000 at 11:31:44AM -0500, Fred A. Miller wrote:
> > > > > > jjohnson@xxxxxxxxxxxxxxxxxxxx wrote:
> > > > > > >
> > > > > > > TIS FWTK is a complete waste of time.
> > > > > >
> > > > > > PMFirewall is VERY easy to use, and so far as I know, works on ALL
> > > > > > "flavors" of Linux.
> > > > > >
> > > > > > Fred
> > > > > >
> > > > > > --
> > > > > > ----/ / _ Fred A. Miller
> > > > > > ---/ / (_)__ __ ____ __ Systems Administrator
> > > > > > --/ /__/ / _ \/ // /\ \/ / Cornell Univ. Press Services
> > > > > > -/____/_/_//_/\_,_/ /_/\_\ fm@xxxxxxxxxxx
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > > > > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > > --
> > > > --------------------------------------
> > > > Oliver Hensel <oliver.hensel@xxxxxxx>
> > > > <ohensel@xxxxxxxxxxxxxxxxxxx>
> > > > http://www.ohensel.de/
> > > >
> > > > Training + Consulting
> > > > Unix - Linux - Firewalls - Security
> > > > --------------------------------------
> > > >
> > > >
> >
>

--
--------------------------------------
Oliver Hensel <oliver.hensel@xxxxxxx>
<ohensel@xxxxxxxxxxxxxxxxxxx>
http://www.ohensel.de/

Training + Consulting
Unix - Linux - Firewalls - Security
--------------------------------------
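
The three inspection levels contrasted in the quoted message above (static packet filter, stateful inspection, application proxy), modeled as an added example that is not part of the thread and is not code from FWTK, ipchains or NetFilter. The rule set, the addresses and the SMTP verb allow list are assumptions constructed for illustration.

```python
from collections import namedtuple

# Constructed sample traffic; addresses are documentation/private ranges.
Pkt = namedtuple("Pkt", "src sport dst dport syn ack payload")
INSIDE, MAIL_PORT = "10.0.0.5", 25

def static_filter(p):
    """Layer 3/4, no memory: each packet is judged on its headers alone."""
    if p.src == INSIDE or p.dport == MAIL_PORT:
        return True  # outbound traffic, or the published mail service
    # Inbound to a high port: accept unless it opens a connection (bare SYN),
    # assuming it is a reply. The filter cannot verify that assumption.
    return p.dport >= 1024 and not (p.syn and not p.ack)

class StatefulFilter:
    """Layer 3/4 with a connection table: replies must match a known flow."""
    def __init__(self):
        self.flows = set()

    def check(self, p):
        if p.src == INSIDE:
            self.flows.add((p.dst, p.dport, p.src, p.sport))  # expected reply
            return True
        return p.dport == MAIL_PORT or (p.src, p.sport, p.dst, p.dport) in self.flows

# Hypothetical allow list for the proxy; anything else is refused.
ALLOWED_VERBS = {b"HELO", b"EHLO", b"MAIL", b"RCPT", b"DATA", b"RSET", b"QUIT"}

def smtp_proxy(p):
    """Layer 7: the proxy reads the command itself, not just the headers."""
    parts = p.payload.split()
    return bool(parts) and parts[0].upper() in ALLOWED_VERBS

def evaluate():
    out_syn = Pkt(INSIDE, 40000, "192.0.2.10", 80, True, False, b"")
    reply = Pkt("192.0.2.10", 80, INSIDE, 40000, True, True, b"")
    stray = Pkt("198.51.100.7", 80, INSIDE, 40001, False, True, b"")
    smtp = Pkt("198.51.100.7", 33000, INSIDE, MAIL_PORT, False, True, b"EXPN staff\r\n")
    sf = StatefulFilter()
    sf.check(out_syn)  # the inside host opens a connection first
    return {
        "reply": (static_filter(reply), sf.check(reply)),
        "stray": (static_filter(stray), sf.check(stray)),
        "smtp": (static_filter(smtp), sf.check(smtp), smtp_proxy(smtp)),
    }

if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(name, verdicts)
```

The stray ACK passes the static rule but not the connection table, and the SMTP command passes both packet filters and is refused only by the proxy, which is the only one of the three that looks at the payload.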

