My only problem with iptables is I've experienced a problem with it running on Red Hat 7.0 - AS 2.1 where it will just stop analyzing packets and just pass 'em on through until I restart the service. A rep at Red Hat support said this was due to the use of a deprecated driver (eepro100). Well, if it's deprecated and you know you have a better one, then go ahead and not make that the default on install! So I changed the driver for my NIC to use ee100 instead, a better driver, but alas this error/bug/oversight/exhaustion still took place... I've resorted to just creating a cron job to restart the service every so often. It took weeks before it happened... This has since fixed my problem... Although there is a .05 sec moment of being vulnerable I guess...
At one of my offices we switched to using WatchGuard. Seems like a pretty nice product. Softwall looked like a viable option as well. My only problem was they were not in the US and I have a problem with not having easy to enforce laws backing my relationship with a company if there was ever a problem.

Jon Pastore RHCE, President
IDE Tech, Inc.
(954) 360-0393 Office
(954) 428-0442 Fax

-----Original Message-----
From: Daniel R. Miessler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 21, 2003 12:05 AM
To: [EMAIL PROTECTED]
Subject: RE: suggestions on a good firewall

> Please get a real Firewall use OpenBSD and PF

You can't go wrong with Linux and IPTABLES either (unless you misconfigure it). :)

If you are not manually oriented, check out Astaro at www.astaro.com. It's a top-notch product, and I don't believe any of the more popular firewall distros even come close to it. It's also free for home use - in case you are wondering.

-Daniel Miessler
