-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ביום שני, 28 באוקטובר 2002, 08:00, Tzahi Fadida כתב על 'RE: big question: FW-1 VS. Linux security tools': > Netfilter is not yet there because of the gui and tools fw-1 has and > linux don't.
Hetz specificly asked not to factor the GUI and tools. > and by tools, i don't mean a software that some kids wrote, Hey - don't degrade kids who right software - some of the best software in the world was written by kids. > i mean tools > that can interact with the firewall and with the rules, like virus > scanning, vpn, and ids, etc.. checkpoint has standards for these, and > linux don't. Standards ? as in - we set the rules, you follow ? yes- Linux has those. with NetFilter you can setup rules to filter packets into a userland target which can do just about anything you want. the fact that no commercially available software has been written to take advantage of it (at least AFAIK), does not mean that the firewall itself is not good. FW-1 does not have those tools built in either - you need to buy them externally. so with NetFilter : it has the capabilities, now go write your external tools. > In addition there are products from checkpoint that are hardware based > and can surely outperform linux on a x86 computer any day. Let me guess what OS is running those hardware based products... hmm.. windows ? naa. probably linux. You can embed linux too, and there are several companies that offer epliances that run linux as a firewall. What you are basicly saying it - Linux is not ready to take on FW-1 because no commercial company has yet built firewalls suites (including everything) based on NetFilter. well shucks - you know what ? you can count the companies that offer firewall suite comparable to Checkpoint's on one hand and you'd still be able to hold a fork. that's why Checkpoint are market leaders. you can do with NetFilter whatever you do with FW-1, but it takes time to get it right. - -- Oded ::.. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9wkbdkltamOf8EzsRAredAKCwppQqa/FpB4gWtXwFCE0mxlPgJACfZIt1 XZrVmpfH2WTKTROZNQEg35o= =lE1E -----END PGP SIGNATURE----- ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
