Thanks for the feedback. We have been using FloppyFW for 2 years now. It is hard for me to do an objective comparison of the two packages because I have been personally using Eigerstein, Dachstein and now Bering. So I have grown very accustomed and comfortable to the way it is structured. I am trying to convince our head sysadmin to switch from FloppyFW to Bering /w shorewall 1.3.10. With no success. (sigh)
Here are the "advantages" of FloppyFW. - you can edit your firewall rules with a Unix text editor on your windows box. (something like NoteTab lite.) - Some would see the "building your own ruleset" as an advantage. I do not. I prefer to have a tested and proven ruleset to start with and then change it as I see fit. - Virtually all editing and configuration of FloppyFW can be done with the text editor mentioned above. Because all of the configs are kept as a series of .ini files. - FloppyFW is a firewall. No more. No less. The packages available for it are very limited. The disadvantages are as follows: - It uses an older version of iptables. Floppy-FW uses 1.2.5 shorewall uses 1.2.6a - You can't stop|start|restart the firewall without rebooting the box. - When the firewall loads the rules. The rules scroll by very quickly and you can't use shift-page-up to backup and see what went wrong. It only goes about two screens up. - If there is a dnscache app for FloppyFW I have not seen it. (The packages available are very limited.) I would have to concede that our sysadmin is right when he says that FloppyFW is working for us so there is no reason to change. But I was hoping that we could migrate to a package that is "in my opinion" far better. I guess I will have to wait until we require IPSEC to make my move and propose Bering /w shorewall again. I was hoping that someone on the list could provide me with some irrefutable evidence that moving from FloppyFW to Bering is a prudent move. But I guess you are right. It must just come down to preference. If anyone has anything to add to this please let me know. Thanks. Troy -----Original Message----- From: Lynn Avants [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 11:21 AM To: Troy Aden Cc: [EMAIL PROTECTED] Subject: Re: [leaf-user] FloppyFW vs. Bering 1.0 /w shorewall 1.3.10 On Wednesday 11 December 2002 08:35 am, you wrote: > I am wondering if anyone has ever compared these two packages. I am just > interested to know if anyone has a point by point comparison of the two > packages. I don't seem to be making any headway and any good points > regarding the security and functionality advantages of Bering vs. FloppyFW > would be most helpful. Bering is ultimately more flexible and supports a ton of more hardware/protocols. If your running a cable modem or dsl and only want 2 interfaces with no DMZ or IPSEC and build your own firewall ruleset, FloppyFW would seem to be a feasible option. I can't compare the security since FloppyFW doesn't have a "default" ruleset. There's nothing wrong with this, it's just a matter of preference. I'd be interested if you would try it and send me your opinion of FloppyFW. -- ~Lynn Avants Linux Embedded Firewall Project developer http://leaf.sourceforge.net ------------------------------------------------------- This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
