Re: Iptables vs. Cisco PIX - Francesco Ciocchetti

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Francesco Ciocchetti <primero@fastwebnet.it>
To: Alejandro Cabrera Obed <sisdis@tournet.com.ar>,
	"Netfilter lista (iptables)" <netfilter@lists.netfilter.org>
Subject: Re: Iptables vs. Cisco PIX
Date: Sat, 09 Apr 2005 20:10:24 +0200	[thread overview]
Message-ID: <42581A90.3050706@fastwebnet.it> (raw)
In-Reply-To: <038201c53c4c$6e94e540$0200a8c0@ale>

Alejandro Cabrera Obed wrote:

>Hi people !!!
>
>  
>
Hi :)

I would say that while Iptables is a set of Block to build a Wall ,
Cisco PIX is a pre-built Wall you just have to paint and let it shine.

Iptables gives for sure a lot of opportunities of configuration and
traffic control that a Cisco Pix does not and i think is not possible to
forget that Iptables-Firewall is a complete Linux system with all the
advantages this can gives, for example a cron-tab, scripting , and so on.

I think that , as always, the choice depends on your needs from the device.
If you need a statefull firewall failover your choose is done because
iptables is not ready to do it yet while Cisco PIX does it in a clear
and fast way.

I would always use a Cisco Pix as Border Firewall because of its
reliability and performance, also because i would not do specific or
particular filter at this level of network. I would instead use a
Linux/Iptables firewall at 'User Level' because it would let me to do
ANYTHING i want and because at this level i could , maybe, leave the
statefull failover out to have the maximum flexibility possible.

bye
<P>

next prev parent reply	other threads:[~2005-04-09 18:10 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-04-08 15:05 Iptables vs. Cisco PIX Alejandro Cabrera Obed
2005-04-08 17:28 ` Jiann-Ming Su
2005-04-08 18:59   ` John A. Sullivan III
2005-04-08 19:42 ` Taylor, Grant
2005-04-09 18:10 ` Francesco Ciocchetti [this message]
2005-04-09 19:07   ` Grant Taylor
2005-04-10 11:06     ` Francesco Ciocchetti
  -- strict thread matches above, loose matches on Subject: below --
2005-04-11 13:41 Iptables
2005-04-13 10:33 ` Moritz Gartenmeister

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=42581A90.3050706@fastwebnet.it \
    --to=primero@fastwebnet.it \
    --cc=netfilter@lists.netfilter.org \
    --cc=sisdis@tournet.com.ar \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.