[ILUG] Firewall question ...
John P. Looney
john at antefacto.com
Wed Jul 4 11:54:03 IST 2001
On Wed, Jul 04, 2001 at 10:47:59AM +0100, Eoin Verling mentioned:
> I'm looking to get Checkpoint/VPN firewall s/w ... and am prob gonna get
> it for Linux. Some people are saying that it shouldn't be put on Linux,
> and that Solaris is what it should be running on.
I don't think Checkpoint do a Firewall on Linux.
Linux has its own firewall. The 2.4 kernel uses a firewall package
called "Netfilter". Have a read through of its HOWTO [0] to get an idea of
what it can do. To get VPN functionality, you need a package called
"FreeS/WAN"[1] which gives you very secure connections between Linux and
Windows 2000 or Gauntlet equipped machines.
Have a look through Freshmeat for iptables and ipchains configuration
tools (iptables is the new command-line interface to Netfilter, ipchains
is the old one).
> Anyone had experience of using it? Surely it's not "insecure" running on Linux???
I'd steer clear of Checkpoint, unless you have a really good business
case for it. It's very complex and expensive. And, as you say, you have to
have a Solaris or a Windows NT box to run it on.
John
[0] http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/index.html
[1] http://www.freeswan.org
--
"When I say 'free', I mean 'free': free from bond, of chain or command:
to go where you will, even to Mordor, Saruman, if you desire."
-- Gandalf, paraphrasing the choice between Free and Non-free software