[Dshield] firewall help request

Roman Fomichev from at e-solutions.lv
Fri Oct 3 16:22:46 GMT 2003

Cyberguard has per applience licencing. It costs alot. but security 
allways costs...
About what scalability you're talking about? I don't think, you can manage 
some dozens of linux boxes so easily as cyberguards (or ciscos, or 
checkpoints, or sonicwalls, or...) managed thru centalized management.

Ok, I wasn't right about iptables capabilities(sorry, I'm not working with 
linux so much this days ).

If we are talking about small amount of boxes - yes, linux means more 
scalability, more features, more posibilities.

but in case of running more then N boxes(N<10), linux firewalls TCO hardly 
will be cheeper: you need to patch every box separately, to modify rules 
separately. So in big networks you receive more overhead, more complex 
network to understand, so more propability of having holes in security.

On Fri, 3 Oct 2003 10:42:05 -0400, Mark Tombaugh <mtombaugh at alliedcc.com> 

> On Friday 03 October 2003 01:34 am, Roman Fomichev wrote:
>> As I understand, John, you can't do nothing then packet filtering on
>> linux. No stateful firewall, no proxing technologies....
>> Linux with iptables is good for very low cost solutions or for home
>> solution, where two skilled people using opera browser surh the net.
>> But if you are talking about normal security budget, you need to have 
>> such
>> solution that can protect you users running IE.
>> Cyberguard with proxying technologies or equivalent solutions from other
>> vendors
> This is absolute fud. Iptables is used extremely effectively on very 
> large
> corporate, governmental , and educational networks, in order to provide
> scalable, stateful, packet filtering within tight budgets, which is why 
> it is
> also found on small home LANs.
> Before you make anymore rifrikindiculous comments like this, educate 
> yourself:
> <http://www.netfilter.org/documentation/>
> <http://www.linuxsecurity.com/feature_stories/feature_story-148.html>
> <http://www.securityfocus.com/infocus/1531>
> Budget? Whats a Cyberguard cost these days? Is it per seat licensed like 
> Cisco
> is?
> Less fud more facts please.
> (Sorry for the redundant post, I couldnt help myself)

Roman Fomichev

If you don't keep up with security fixes, your network won't be yours for 

More information about the list mailing list