
Re: Linux Firewalling - Further Adventures with DSL



On Fri, May 09, 2003 at 09:18:05AM -0400, William Cooper wrote:
> Hello all,
>    one of the company's suppliers got wind that we were going to host 
> web services on a DSL connection. They are now trying to convince 
> management (and me) that Linux as a company firewall is not acceptable, 
> that we need a CISCO PIX or equivalent to protect the company's network.

Sounds a lot like the usual FUD tossed around by the proprietary-software
crowd, to me...  I would ask them exactly *how* the Cisco-or-equivalent
solution is supposed to be better.

>    Is this true? I have been using Debian as a firewall for a while now 
> with no complaints, but on a dial-up. Putting the machine with a fixed 
> IP for possible attacks is a different matter. Does anyone have 
> information about the suitability of Linux as a firewall over long 
> periods? A comparison of Linux versus a hardware or proprietary 
> software/hardware solution?

I am by *no* means an expert in this area, but here are a couple thoughts
that spring to mind:

Do you trust a "black-box" solution from a third party who you *know* is
not going to tell you what's under the hood?  Do you trust this more than
you trust an installation that you set up yourself (You can take this right
to the level of reading every line of the source code if you're ambitious
and paranoid enough...)?

If & when you find the firewall behaving in a way you don't want...  if
it's a Linux-box you set up yourself, then you just go in there and
reconfigure/debug it.  If it's a hardware firewall, you can expect "Are you
running the latest firmware version?  Yes? Oh, well then you just have to
live with it."

If you don't know what you're doing in setting up the Linux firewall, then
it *is* risky, and a black-box solution just might beat it.  But if you
know enough to configure the Linux solution *properly*...

	Cheers!
-- 
,-----------------------------------------------------------------------------.
>      -ScruLoose-      |    If I had a dog as daft as you, I'd shoot him.    <
>     Please do not     |                  - Scottish Proverb                 <
>    reply off-list.    |                                                     <
`-----------------------------------------------------------------------------'
