Mailinglist Archive: opensuse-security (520 mails)

Re: [suse-security] TIS FWTK
  • From: Oliver Hensel <oliver.hensel@xxxxxxx>
  • Date: Sat, 9 Dec 2000 00:07:25 +0100 (CET)
  • Message-id: <Pine.LNX.4.21.0012082359050.29545-100000@xxxxxxxxxxxxxxxxxxxxxxxxx>
Hi.

On Fri, 8 Dec 2000 jjohnson@xxxxxxxxxxxxxxxxxxxx wrote:

> If you are going to take the time to use the built in firewalling code
> in linux why would you use a frontend to the program to modify the
> rules? Ipchains is *easy* to use.
>
> -miah

Yes, but TIS FWTK (and its commercial successor Gauntlet) and Linux
IPFWADM/IPCHAINS/NetFilter are fundamentally different things:

FWTK provides proxy servers (nothing passes the firewall without being
checked on layer 5/6/7), so you could filter based on content and whatnot
(don't know if FWTK itself does that; due to availability of better proxy
servers like dnsserver, smtpd, squid etc. I didn't bother to look at it in
depth).

Linux IPFWADM/IPCHAINS/NetFilter is only a packet filter, checking on
layer 3/4 (IP/TCP/UDP/ICMP). Add to that that the former two (under Linux
2.0/2.2) only have static checking available, whereas the much better
NetFilter code with dynamic (stateful) inspection is not yet ready for
prime time, since it's based on a developmental kernel which is not
recommendable for something as sensitive as a firewall.

Hope that clears up some (mis-)conceptions.

Greetings
olli

>
> On Fri, Dec 08, 2000 at 11:31:44AM -0500, Fred A. Miller wrote:
> > jjohnson@xxxxxxxxxxxxxxxxxxxx wrote:
> > >
> > > TIS FWTK is a complete waste of time.
> >
> > PMFirewall is VERY easy to use, and so far as I know, works on ALL
> > "flavors" of Linux.
> >
> > Fred
> >
> > --
> > ----/ / _ Fred A. Miller
> > ---/ / (_)__ __ ____ __ Systems Administrator
> > --/ /__/ / _ \/ // /\ \/ / Cornell Univ. Press Services
> > -/____/_/_//_/\_,_/ /_/\_\ fm@xxxxxxxxxxx

--
--------------------------------------
Oliver Hensel <oliver.hensel@xxxxxxx>
<ohensel@xxxxxxxxxxxxxxxxxxx>
http://www.ohensel.de/

Training + Consulting
Unix - Linux - Firewalls - Security
--------------------------------------
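
The distinction drawn in the message above, as an added example that is not part of the original mail and is not FWTK, IPCHAINS or NetFilter code: a constructed Python model of a static layer 3/4 check, a stateful check, and a layer 7 proxy check on an HTTP request line. All addresses, ports, rules and function names are assumptions made for the illustration.

```python
from collections import namedtuple

# Constructed model; header fields only, as a layer 3/4 filter sees them.
Packet = namedtuple("Packet", "src sport dst dport syn ack")
INSIDE = "10.0.0.5"     # constructed internal client
SERVER = "192.0.2.80"   # constructed external web server (TEST-NET-1)

def static_filter(pkt):
    """Static check: every packet is judged alone, by its header fields."""
    if pkt.src == INSIDE:
        return pkt.dport == 80
    # "Replies": anything from port 80 that is not a bare SYN.
    return pkt.sport == 80 and not (pkt.syn and not pkt.ack)

class StatefulFilter:
    """Dynamic inspection: a reply must match a connection seen leaving."""
    def __init__(self):
        self.conns = set()

    def check(self, pkt):
        if pkt.src == INSIDE:
            if pkt.dport != 80:
                return False
            self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns

def http_proxy(request, allowed_methods=("GET", "HEAD")):
    """Layer 7 check: parse the request line and judge its content."""
    parts = request.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return False
    return parts[0].decode("ascii", "replace") in allowed_methods

def demo():
    syn = Packet(INSIDE, 40000, SERVER, 80, True, False)
    reply = Packet(SERVER, 80, INSIDE, 40000, True, True)
    stray = Packet(SERVER, 80, INSIDE, 40001, False, True)  # no connection
    sf = StatefulFilter()
    sf.check(syn)
    return {
        "static_reply": static_filter(reply),
        "static_stray": static_filter(stray),    # headers look like a reply
        "stateful_reply": sf.check(reply),
        "stateful_stray": sf.check(stray),       # no matching state
        "proxy_http": http_proxy(b"GET / HTTP/1.0\r\n\r\n"),
        "proxy_not_http": http_proxy(b"HELO mail.example\r\n"),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:15} {'pass' if allowed else 'drop'}")
```
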