From: "John A. Sullivan III"
Subject: Re: Netfilter vs commercial
Date: Mon, 09 Aug 2004 13:45:28 -0400
Message-ID: <1092073527.18393.116.camel@localhost>
To: Mike O
Cc: netfilter@lists.netfilter.org

On Mon, 2004-08-09 at 12:48, Mike O wrote:
> John,
>
> Would you mind elaborating on your comment about Netfilter's stateful engine
> being weaker than Checkpoint's? And how would the window tracking patch make
> it more secure? We have Checkpoint here and have run into problems, where
> Checkpoint has limited us in the way we do things here, and I have always
> wanted to implement netfilter but couldn't because it's open source.

I would imagine that you could find "commercial" products that are using
iptables and thus get around the open source problem. Astaro, SnapGear and
iKloak come to mind. I believe some WatchGuard models are based upon
iptables. There are also some other smaller players such as SmoothWall (in
the UK), Kyzo, NetMAX and NetMaster.

--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net