[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Linux firewall vs Windows and Hardware based firewalls



On Thu, 31 Jul 2003 16:11:14 +1000
"Andre Volmensky" <AndreV@datcom.com.au> wrote:
> What are the advantages of a linux firewall over something like Windows
> with WinRoute on it, or even a hardware based firewall. What are the
> disadvantages etc. I know I am asking on a linux users mailing list, but
> I would also like reply's not to be too bias. 

    To me the advantage over Windows is plain.  With Linux you can pare it
down to the bare minimums and run *just* a router.  No need to fire up a huge
GUI to do the work.  Furthermore there's no need to load in a slew of support
modules into the kernel that will most likely never be needed.  Pare down
those gettys and rip out other components which aren't needed.  What you're
left with is a router that can run in an amazingly small footprint both on
disc and in memory.  While I would not advocate it when was the last time you
saw a Windows router on a floppy?  :)

    Against hardware based routers it is a little different.  There you're
going against specialized hardware.  However, for me, I don't like the notion
of having to telnet anywhere.  Last time I checked, admittedly not recently,
no hardware router supported sshd.  Also you can scale up from a bare-bones
router to make some things easier for neophytes.

    As an example of both these points let me describe my parent's router. 
They wanted DSL but wanted to have both their personal machines behind it.  I
told'em no problem, just grab an old PC (they have tons, my dad's a PC
packrat), and old HD, toss in a pair of NICs and I'll take care of the rest. 
I showed up with the Woody bootable CD and in about 20-30 minutes had a router
setup for them based on Stable.  Beyond base I think the only things I
installed was shorewall and sshd.  Shorewall is a great firewall package
that's easy to setup, get going and lock down.  I've since added webmin with
the shorewall package.  This gives a basic web interface to configure the
firewall.  So now when things are going wonky I don't have to try to talk my
dad through editing a config fire.  "Click here, add this, move the rule up
here, you're done."  I started out basic and added a piece here and a piece
there to fit the needs of my parents.

-- 
         Steve C. Lamb         | I'm your priest, I'm your shrink, I'm your
       PGP Key: 8B6E99C5       | main connection to the switchboard of souls.
	                       |    -- Lenny Nero - Strange Days
-------------------------------+---------------------------------------------

Attachment: pgpPADSDWYwxb.pgp
Description: PGP signature


Reply to: