Summary: Firewall-1 or Ipchains?

From: Robert Johannes (
Date: Tue Jun 27 2000 - 13:10:15 CDT

Thanks to this list, I got lots of responses regarding both
products; infact, too many to list.

The general consensus seems to be that if you can afford, firewall-1 is
definitely a much better, extensive, product. Different people have had
different experiences regarding the two products, about 1/3 contending
that ipchains was easier to implement, and the other 2/3 claiming
firewall-1 was much easier and faster to implement. One individual
particularly pointed out that it is very easy to configure firewall-1
wrongly, and not know it; perhaps this has hapened to alot of people?

People also pointed out possible alternatives, such as ipfilter, which
comes for solaris and the bsd's; sunscreen from sun, sonicwall (by
sonicwall), and netscreen (by netscreen?).

given the expense of fw1, and the lack of extensive features in ipchains,
I'm gonna do some research on ipfilter on openbsd. That combination
sounds relatively solid, and definitely less expensive.

I also got some responses telling me that ipchains is for linux, and not a
solaris product, and that this is a solaris mailing list. Let me just
point out that one would have to try hard to know about ipchains without
knowing about linux. On the other hand, perhaps I should have been more
detailed in my post; I intentions were to decide between the two products,
which this list has helped with me do, then implement based on the
requirements of each product. It's a piece of cake to obtain a linux box,
and it's also a piece of cake to obtain a relatively decent solaris box.

Thanks everyone who responded.

robert johannes

damango Inc.
1300 Godward Street suite 3200
Minneapolis, MN 55413

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:10 CDT