Mailinglist Archive: opensuse-security (520 mails)

< Previous Next >
Re: [suse-security] TIS FWTK
  • From: jjohnson@xxxxxxxxxxxxxxxxxxxx
  • Date: Fri, 8 Dec 2000 15:57:27 -0800
  • Message-id: <20001208155727.B11662@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
You fail to see my point.

PMfirewall is just a gui frontend to ipchains. And to get the terminology straight.
- see http://freshmeat.net/projects/pmfirewall/?highlight=pmfirewall

" PMFirewall is an Ipchains Firewall and Masquerading Configuration Utility for Linux. It is designed to allow a beginner to build a custom firewall with little or no ipchains experience. This firewall should work for most Workstations, Servers, and Dual NIC routers using either a dialup, DSL, Cable, or LAN setup. It is restrictive to outside attacks while still being as transparent as possible to those inside. "


bleh

-miah

On Sat, Dec 09, 2000 at 12:48:59AM +0100, Oliver Hensel wrote:
> Hi
>
> On Fri, 8 Dec 2000 jjohnson@xxxxxxxxxxxxxxxxxxxx wrote:
>
> > And if you read the list, you will realize that I was referencing
> > PMfirewall. Which is a frontend to ipchains.
>
> True, but IPCHAINS it is *not* (just like PMfirewall, SINUS, gfcc, and all
> those other front ends) an alternative to FWTK or any other proxy-based
> and/or stateful firewall. IPCHAINS can perfectly act as part of a complete
> firewall solution, but many other routers (every "enterprise" strength
> router) has a built-in packetfilter with much higher performance and more
> reliability (no moving parts!).
>
> My posting was not only directed at your suggestion, in fact I agree with
> you pretty much. I just wanted to point out that IPCHAINS has not at all
> the functionality you get from proxy servers.
>
> Greetings
> olli
>
> >
> > Thanks
> > -miah
> >
> > On Sat, Dec 09, 2000 at 12:07:25AM +0100, Oliver Hensel wrote:
> > > Hi.
> > >
> > > On Fri, 8 Dec 2000 jjohnson@xxxxxxxxxxxxxxxxxxxx wrote:
> > >
> > > > If you are going to take the time to use the built in firewalling code
> > > > in linux why would use use a frontend to the program to modify the
> > > > rules? Ipchains is *easy* to use.
> > > >
> > > > -miah
> > >
> > > Yes, but TIS FWTK (and its commercial successor Gauntlet) and Linux
> > > IPFWADM/IPCHAINS/NetFilter are fundamentally different things:
> > >
> > > FWTK provides proxy servers (nothing passes the firewall without being
> > > checked on layer 5/6/7), so you could filter based on content and whatnot
> > > (don't know if FWTK itself does that, due to availability of better proxy
> > > servers like dnsserver, smtpd, squid etc I didn't bother to look at it in
> > > depth)
> > >
> > > Linux IPFWADM/IPCHAINS/NetFilter is only a packet filter, checking on
> > > layer 3/4 (IP/TCP/UDP/ICMP). Add to that that the former two (under Linux
> > > 2.0/2.2) only have static checking available, whereas the much better
> > > NetFilter code with dynamic (stateful) inspection is not yet ready for
> > > prime time, since it's based on a developmental kernel which is not
> > > recommendable for something as sensitive as a firewall.
> > >
> > > Hope that clears up some (mis-)conceptions.
> > >
> > > Greetings
> > > olli
> > >
> > > >
> > > > On Fri, Dec 08, 2000 at 11:31:44AM -0500, Fred A. Miller wrote:
> > > > > jjohnson@xxxxxxxxxxxxxxxxxxxx wrote:
> > > > > >
> > > > > > TIS FWTK is a complete waste of time.
> > > > >
> > > > > PMFirewall is VERY easy to use, and so far as I know, works on ALL
> > > > > "flavors" of Linux.
> > > > >
> > > > > Fred
> > > > >
> > > > > --
> > > > > ----/ / _ Fred A. Miller
> > > > > ---/ / (_)__ __ ____ __ Systems Administrator
> > > > > --/ /__/ / _ \/ // /\ \/ / Cornell Univ. Press Services
> > > > > -/____/_/_//_/\_,_/ /_/\_\ fm@xxxxxxxxxxx
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > > > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > > >
> > > >
> > > >
> > > >
> > >
> > > --
> > > --------------------------------------
> > > Oliver Hensel <oliver.hensel@xxxxxxx>
> > > <ohensel@xxxxxxxxxxxxxxxxxxx>
> > > http://www.ohensel.de/
> > >
> > > Training + Consulting
> > > Unix - Linux - Firewalls - Security
> > > --------------------------------------
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > > For additional commands, e-mail: suse-security-help@xxxxxxxx
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
> >
> >
> >
> >
>
> --
> --------------------------------------
> Oliver Hensel <oliver.hensel@xxxxxxx>
> <ohensel@xxxxxxxxxxxxxxxxxxx>
> http://www.ohensel.de/
>
> Training + Consulting
> Unix - Linux - Firewalls - Security
> --------------------------------------

< Previous Next >
Follow Ups
References