No more difficult than Cisco's PIX/ASA firewall box

Posted by: Anonymous [ip:] on December 15, 2007 05:51 AM

I run Cisco PIX and ASA firewalls all day. I also do iptables and pf (from OpenBSD). Learning the iptables interface is no more difficult than learning Cisco's access-lists. All you have to do is, as my Dad says, *do your homework*.

If you want pointy-n-clicky on your firewall, then you're an MCSE who needs to call someone who actually knows what he's doing. Building an enterprise firewall strategy is not for those who don't understand what's going on and how to do it right. I agree with the person who said that front-ends like KMyFirewall are fine for basic home usage, but not enterprise usage. They are emphatically not ready for the "big stuff."

Your organization should always have someone on staff that knows this stuff, even if you farm it out. If you don't have someone like that, then you don't know how to keep the contractor in line. And it's better to have this stuff in-house anyway, because no outside company is going to care for your security the way your own people will. It's an extension of the old axiom, "nobody cares about your business as much as you do."