Need a Firewall

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Freddie,

As a *ix enthusiast what do you think of smoothwall?

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

For some really good information relating to this topic I would suggest reading this thread posted in the wonderful Ozzie Whirlpool forum...

http://forums.whirlpool.net.au/forum-replies.cfm?t=361628&p=1

You will see that there are many mixed and varied opinions regarding software firewalls, hardware firewalls, NAT/PAT etc.

I still believe like Freddy that if you are a home user or SOHO and you are using a NAT type device, with built in firewall protection against DDOS attacks etc, along with up to date anti-virus software and malware blocking software and with a fully updated system, you are pretty well protected. You can chose to run a personal firewall on all your systems if you want to but I don't think it is necessary.

edited a ypot

 

Boyce,

Unfortunately all I know about smoothwall is what I've read. I have read a lot of positive things about it, and as far as I can remember have never read anything negative about it.

There are a lot of people using it who swear by it, not at it.

 

Freddie + Bluerinse,

Thanks for the input

 

i'm a bit wacked. i've got a netgear router hooked onto my cable modem. behind that, there's a machine loaded with astaro secure linux. from that box i make a split to my internal network and to my dmz.
to my internal network first comes a linksys wireless router (flashed with more secure 3rd party firmware), then my internal machines, all configured with sygate. to my dmz first there's a machine loaded with isa2004, followed by a linksys router. no additional software on the dmz machines.

so, traffic to my internal network has to pass netgear, astaro, linksys1 and sygate.
traffic to my dmz has to pass netgear, astaro, isa2004 and linksys2.

 

That seems a tad OTT!

At least you get to have hands-on practise on lots of kit!

Harry.

 

LOL. I found your theme song d-Faktor :

[font=Arial, Helvetica, sans-serif]They're coming to take me away, ha-haaa.
They're coming to take me away, ho ho, he he, ha ha,
To the funny farm, where life is beautiful all the time
And I'll be happy to see those nice young
Men in their clean white coats and

They're coming to take me away, ha-haaa!
To the happy home with trees and flowers and chirping birds
And basket weavers who sit and smile
And twiddle their thumbs and toes
And they're coming to take me away, ha-haaa!
To the funny farm, where life is beautiful all the time
And I'll be happy to see those nice young
Men in their clean white coats and
They're coming to take me away! [/font]​

Seriously though, it must be nice to be able to afford such a "paranoid" network. It would be fun to set that up. You're a "lucky dog" d-Faktor.

The above lyrics are from "They're Coming to Take Me Away" by Jerry Samuels. You can listen to one rendition of the full song here. This is a Real Audio link but can be played on Linux machines that have mplayer and the mozilla mplayer plugin installed.

 

look what santa gave me...

 

I have an ISA 2004 firewall at the front end

I dropped the dual firewall config, but I have access lists on my 2611 for initial filtering, nothing too granular though, tis an old puppy

I may be moving to XP host based just to protect the edge, or ill use some of my NFR copies of flash edge security software

 

Interesting link Bluerinse....

"Some ISPs route private IP address ranges, even though "officially" these address ranges are not meant to be routable and are meant to be dropped by all internet routers. One ISP even assigns private IP addresses to its network routers. So, do not assume that using private IP addresses is any guarantee of security. You really do need a firewall."