From: Francesco Ciocchetti
Subject: Re: Iptables vs. Cisco PIX
Date: Sat, 09 Apr 2005 20:10:24 +0200
Message-ID: <42581A90.3050706@fastwebnet.it>
References: <038201c53c4c$6e94e540$0200a8c0@ale>
In-Reply-To: <038201c53c4c$6e94e540$0200a8c0@ale>
Sender: netfilter-bounces@lists.netfilter.org
To: Alejandro Cabrera Obed, "Netfilter lista (iptables)"

Alejandro Cabrera Obed wrote:

>Hi people !!!

Hi :)

I would say that while Iptables is a set of blocks to build a wall, Cisco PIX is a pre-built wall you just have to paint and let it shine.

Iptables for sure gives a lot of configuration and traffic-control opportunities that a Cisco PIX does not, and I think it is not possible to forget that an Iptables firewall is a complete Linux system with all the advantages this can give, for example a crontab, scripting, and so on.

I think that, as always, the choice depends on what you need from the device. If you need stateful firewall failover, your choice is made, because iptables is not ready to do it yet, while Cisco PIX does it in a clear and fast way.

I would always use a Cisco PIX as a border firewall because of its reliability and performance, and also because I would not do specific or particular filtering at this level of the network. I would instead use a Linux/Iptables firewall at 'User Level' because it would let me do ANYTHING I want and because at this level I could, maybe, leave the stateful failover out to have the maximum flexibility possible.

bye