Beer for a good software firewall.

Reply
Page 1 of 2 1 2 LastLast
  1. #1

    Join Date
    Apr 2006
    Location
    Kwun Tong
    Posts
    1,242

    Beer for a good software firewall.

    Who ever saves me the work of looking this up can get a 3 pints out of me.

    I normally use hardware firewalls due to reliability, performance, completeness in features etc. and most software firewalls I've seen or had to use have always pissed me off due to limitations or hardware reliability.

    Having thought about these Sun Netra T1/105 I have with 6 ethernet ports I think they would make a good firewall if I had a decent software to run on it.

    So here are the requirements.

    - Works as a transparent bridge and is able to take into account it has 5 segments around it.
    - Two of the FE ports can be aggregated using Cisco Fast Ether Channel for the untrusted side.
    - Runs on Sun Netra, support the Quad FE card using Free/NetBsd or solaris.

    Preferably.
    - Has to do complete family of IP protocols, not just TPC, UDP and ICMP.

    I am not interested in Linux. Lets spare ourselves the argument.


  2. #2

    Join Date
    Apr 2003
    Posts
    12,385

    Doesnt Solaris include Sunscreen?


  3. #3

    Join Date
    Apr 2006
    Location
    Kwun Tong
    Posts
    1,242

    sun screen used to be checkpoint-1 OEM.
    not sure if it is in there, and if it is, does it work transparently/bridging mode? and is it free?


  4. #4

    Join Date
    Apr 2003
    Posts
    12,385

    What version of Solaris are you on? IP Filter seems to have replaced Sunscreen in 10. I know for sure it used to be included for free in Solaris 9.


  5. #5

    Join Date
    Apr 2006
    Location
    Kwun Tong
    Posts
    1,242

    Its a new install, so most likely Solaris 11, which BTW I've been told has a lovely desktop, and runs nicely on Intel boxes even P3's.


  6. #6

    Join Date
    Apr 2006
    Location
    Kwun Tong
    Posts
    1,242

    Now you have me searching for the info myself. SunScreent 3.1 comes in standard (US$14.5k) or lite version, which is free

    http://www.sun.com/software/securenet/lite/

    The two questions are, will it run on Solaris 11, and does the free version also do stealth mode like the full product does?


  7. #7

    Join Date
    Sep 2007
    Posts
    72
    Quote Originally Posted by hk.com
    SunScreent 3.1 comes in standard (US$14.5k) or lite version, which is free

    http://www.sun.com/software/securenet/lite/

    The two questions are, will it run on Solaris 11, and does the free version also do stealth mode like the full product does?
    1)
    I assume you refer to Sun's Stealth Firewalls

    http://solv.com/reference/stealthfw/

    That is Sun's technology. FreeBSD and Linux both combine a bridging mode with their packet filter to become a Stealth Firewall.


    Personally I don't use complicate firewall. I run my server for personal use only. Iptables can cater my need. I can setup very rigid rules but it is NOT necessary for me.


    Immediate off my head is;
    Shoreline Firewall 4.0.3
    http://linux.softpedia.com/get/Syste...wall-330.shtml

    You can take a shot.


    Or you can do "Ethernet Bridging"
    http://openvpn.net/bridge.html

    Or try
    Using Linux virtual bridging, User-Mode-Linux and Zebra for IP routing exercises
    http://www.lathspell.de/linux/uml/


    2)
    Most Linux software can run on Unix.

  8. #8

    Join Date
    Dec 2006
    Location
    Hong Kong
    Posts
    73

    Windows x64 firewall

    I'd like to give a pint who can set me up with a firewall for my x64.

    I had loved the Zone Alarm firewall, but they don't have anything that will work on x64.

    I am doomed!


  9. #9

    Join Date
    Apr 2003
    Posts
    12,385

    Heh .. my condolences. You've walked into a Linux thread.


  10. #10

    Join Date
    May 2004
    Posts
    1,270

    I'll be honest, I have no idea what your needs are. But would this be suitable at all? I always use it on my webservers, so my needs may be different... But who knows, I thought I'd throw it out there. Gotta take a shot at a chance of getting 3 pints!

    http://rfxnetworks.com/apf.php


Reply
Page 1 of 2 1 2 LastLast