Forum Moderators: bakedjake

different types of firewall?

jamie

6:34 am on May 20, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



hi,

up until now we have always used iptables for our firewall. we block all traffic except the ones we need, http(s), smtp, pop, imap.

am i right in thinking that a hardware firewall solution will not be any securer; it will simply prevent a DOS attack from taking the server with it when it crashes?

or are there other benefits to a hardware firewall?

thanks
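The ruleset jamie describes (drop everything, then open only http(s), smtp, pop and imap) looks roughly like the script below. This is an added example, not code from the thread or from any poster; the port list, the use of the `conntrack` match, and the dry-run wrapper are assumptions. With `DRY_RUN=1` (the default) it only prints the `iptables` commands it would run, so the rules can be reviewed without root before applying them with `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example: a default-deny iptables INPUT policy for a box that
# serves web and mail. Not taken from the thread; ports and interface
# handling are assumptions for illustration.

# DRY_RUN=1 prints each iptables command instead of executing it.
DRY_RUN="${DRY_RUN:-1}"

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# Inbound TCP services that stay reachable: http, https, smtp, pop3, imap.
# (Assumed list; matches the services named in the post.)
ALLOWED_TCP_PORTS="80 443 25 110 143"

build_ruleset() {
    # Start from an empty INPUT chain and a DROP default policy, so anything
    # not explicitly accepted below is silently discarded.
    ipt -F INPUT
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback traffic and replies to connections this host opened.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Packets that belong to no known connection (bad flags, stray ACKs).
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP

    # New connections only to the listed service ports.
    for p in $ALLOWED_TCP_PORTS; do
        ipt -A INPUT -p tcp --dport "$p" --syn -j ACCEPT
    done

    # Rate-limited logging of whatever falls through to the DROP policy,
    # so a flood does not fill the disk with log lines.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
}

# Helper for review: number of service ports the ruleset opens.
count_open_ports() {
    DRY_RUN=1 build_ruleset | grep -c -- '--dport'
}

# Helper for review: the default policy line for INPUT.
input_policy() {
    DRY_RUN=1 build_ruleset | grep -- '-P INPUT'
}

build_ruleset
```

Running the script as-is prints the rules; `DRY_RUN=0 sh firewall.sh` as root applies them. The ESTABLISHED,RELATED rule sits above the service rules so that return traffic for outbound connections (DNS lookups, outbound SMTP) is not blocked by the DROP policy.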

wheel

11:50 am on May 20, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I believe you're correct. Many linux servers are run outside of a hardware firewall. One less point of failure.

DDOS attacks can generally be handled by your ISP.

idoc

5:29 am on May 21, 2005 (gmt 0)

10+ Year Member



I like a separate firewall nonetheless. I use a stripped down bsd kernel firewall on recycled server hardware to limit and route traffic in front of linux web and mail servers. Though they are technically both software firewalls, the bsd firewall runs only the minimal services needed to filter and route packets. To me, the fewer daemons running, the more secure. Also, I still run the basic iptables firewalls on the linux servers. I figure I am saving resources on the linux servers by screening traffic in front of them with the bsd firewall as well as providing a double wall.

jamie

12:07 pm on May 21, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



that's an interesting concept idoc.

might be difficult to implement with our current host though. they do offer a hardware firewall, but it is expensive. i wondered whether it really would be worth the extra investment, when basically the same rules as iptables would be enforced.

i hadn't thought about the fact that all the routing is then done on the firewall, which frees up the main server.

i shall have to ask our host about DDOS and whether that is indeed blocked at point of entry to their network.

thanks both