From: Florent AIDE <faide@alphacent.com>
To: netfilter@lists.netfilter.org
Cc: "Reckhard, Tobias" <tobias.reckhard@secunet.com>
Subject: Re: IPTABLES vs Checkpoint
Date: Thu, 28 Nov 2002 12:23:25 +0100 [thread overview]
Message-ID: <200211281223.29395.faide@alphacent.com> (raw)
In-Reply-To: <96C102324EF9D411A49500306E06C8D102020659@eketsv02.cubis.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi tobias, hi all,
> in flexibility. The company definitely becomes more dependent on the person
> (or people) who know the system. Untrained personnel would probably not be
> able to cope with it or at least its details. You couldn't buy support
> contracts for it.
I wonder how many "untrained personnel" would be able to admin a Firewall
whatever it is ;) (fw1 or iptables or else).
Yes for sure with the nice GUI provided by FW1 some "untrained personnel"
could play with rules easily but is that a good solution ?
There also exist good GUIs for iptables: Firewall Builder
http://www.fwbuilder.org/
it support iptables ipchains ipf and pix based firewalls, it also is a
management console which enables you to create the rules on an admin machine
and then "compile" them to the target "language" and then place it on the
target FW machine via a pubkey auth mechanism ...
So I think the real problem is not really with the GUI, maybe the integration
with VPN can be a problem... because yes FreeSwan is not really user
Friendly, though it works well for me and my clients (Linux and Win machines
alike).
And I think in many countries you can also find Linux consulting companies
which would be likely to offer services around iptables and FreeSwan
management and the like. I am not sure it would be difficult to find one, and
the price should not be much more than with a Firewall-1 consultant.
I say this because the company I work for offers just that kind of services in
France.
> Cheers,
> Tobias
Cheers,
Florent
http://www.alphacent.com
- --
As we enjoy great advantages from inventions of others, we should be glad of
an opportunity to serve others by any invention of ours; and this we should
do freely and generously.
--Benjamin Franklin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE95fyuQe8gCED8yYERAmnmAJ4rfJceWb3+82Csl6B/sfpPynotdgCgm/+U
2ewmUwcJ0C2S6dsEuR+hgqE=
=t7EB
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2002-11-28 11:23 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-11-27 6:39 IPTABLES vs Checkpoint Reckhard, Tobias
2002-11-28 11:23 ` Florent AIDE [this message]
-- strict thread matches above, loose matches on Subject: below --
2002-11-27 6:45 Wayne de Nobrega
2002-11-27 12:06 ` Nick Drage
2002-11-26 19:28 Wayne de Nobrega
2002-11-26 20:53 ` Nigel Clarke
2002-11-26 22:32 ` Nix N. Nix
2002-11-26 23:19 ` Ivan E. Moore II
2002-11-27 1:11 ` Nick Drage
2002-11-27 1:13 ` Nick Drage
2002-11-27 2:17 ` Nigel Clarke
2002-11-26 22:32 ` Ben Russo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200211281223.29395.faide@alphacent.com \
--to=faide@alphacent.com \
--cc=netfilter@lists.netfilter.org \
--cc=tobias.reckhard@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox