From: "Brent Deterding" <brent.deterding@techguardsecurity.com>
To: stewart.thompson@shaw.ca,
"David B. Bitton" <david@codenoevil.com>,
netfilter@lists.samba.org
Subject: RE: Linksys v. Netfilter
Date: Sat, 22 Jun 2002 19:37:14 -0500 [thread overview]
Message-ID: <GEEBIPMLCAMAMAMCECKJCEFECGAA.brent.deterding@techguardsecurity.com> (raw)
In-Reply-To: <FLEKIPPLAEDMJMOOBBDPAEHNCGAA.stewart.thompson@shaw.ca>
Correct me if I'm wrong - but we are talking about LinkSys Cable/Router
things, right? The same devices that allow anything out?
Although people tend to forget it - a firewall is there to control traffic
inbound AND outbound. If it isn't controlling it outbound then what's the
difference between a netfilter box and a simple NAT-only solution?
Everything out, nothing in.
-- Brent Deterding
-----Original Message-----
From: netfilter-admin@lists.samba.org
[mailto:netfilter-admin@lists.samba.org]On Behalf Of Stewart Thompson
Sent: Saturday, June 22, 2002 3:57 PM
To: David B. Bitton; netfilter@lists.samba.org
Subject: RE: Linksys v. Netfilter
Hmmm. I don't know, but I would think it would be like comparing apples
to oranges. I have, and continue to use both. The Linksys is quick and
easy to set up, and can be looked after by someone with a reasonable
amount of knowledge. It is great for small offices and homes where there
are only a few computers and they have simple needs. It does have some
problems with related connections, so I am not sure if it is truly stateful.
However, I would never consider it for a serious application like
protecting a Corporate LAN. With Netfilter you can write a rule to cover
every situation. To allow or block specific ports and ip's on a case by case
basis. There are still a few areas that helper modules are being developed
for, but there is a core of real dedicated guys working on it. One of the
things I really like about Netfilter is the logging ability. I can set up
rules
to log all kinds of information, and real time data. There are also a number
of other programs that allow traffic shaping, routing, and limiting. This
kind of
stuff just isn't possible wit the Linksys.
Yes it is more work to set up, and a little more capital outlay in
Equipment. However, I think the results are well worth the investment.
Just my two cents worth.
Stu...........
-----Original Message-----
From: netfilter-admin@lists.samba.org
[mailto:netfilter-admin@lists.samba.org]On Behalf Of David B. Bitton
Sent: June 22, 2002 11:05 AM
To: netfilter@lists.samba.org
Subject: Linksys v. Netfilter
Have any whitepapers been written on the subject of a Linksys Router v. a
Netfilter implementation?
--
David B. Bitton
david@codenoevil.com
www.codenoevil.com
Code Made Fresh DailyT
next prev parent reply other threads:[~2002-06-23 0:37 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-06-22 18:04 Linksys v. Netfilter David B. Bitton
2002-06-22 20:27 ` Sascha Reissner
2002-06-22 20:57 ` Stewart Thompson
2002-06-22 22:18 ` Brian
2002-06-23 0:37 ` Brent Deterding [this message]
2002-06-24 15:46 ` Rowan Reid
[not found] <OMELINNHIGOCHFNAFPEKOELBCAAA.blanda@mnsi.net>
2002-06-22 18:27 ` David B. Bitton
2002-06-22 18:34 ` Antony Stone
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=GEEBIPMLCAMAMAMCECKJCEFECGAA.brent.deterding@techguardsecurity.com \
--to=brent.deterding@techguardsecurity.com \
--cc=david@codenoevil.com \
--cc=netfilter@lists.samba.org \
--cc=stewart.thompson@shaw.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox