Very Computer

> PMfirewall (www.pointman.org)
> vs.
> Firestarter (http://firestarter.sourceforge.net/ )

> who have used both?

> which did you like best?

> do they work?

> comments:

> > PMfirewall (www.pointman.org)
> > vs.
> > Firestarter (http://firestarter.sourceforge.net/ )

> > who have used both?

> > which did you like best?

> > do they work?

> > comments:

> I use pmfirewall along with logcheck to check for conditions I should
> know about. I works great with the interactive setup for pmfirewall
> automatically setting up a good first firewall. But after looking at
the
> features for firestarter i must say it looks good. It is one of the
few
> firewalls in linux that allows you to build a firewall ruleset
> dynamically as you go. This is along the lines of zone alarm for
windows
> and ZA is good and easy to use allowing you to interactively build
your
> rule set as you go. This is a good method, on first startup zone alarm
> denies everything in and out and as any traffic tries to leave or
enter
> ZA asks  what you  want to do with it and then magically fabricates a
> rule to accomplish it. It would nice if firestarter worked completely
> like this (in regards to outbound traffic since some programs and
> Trojans try to communicate to the outside without your knowledge), but
> it is a excellent start IMHO and allows the beginner to  interactively
> build a rule set with out even knowing what a rule is. Pmfirewall
builds
> the initial rule set but there on you have to make any
changes/additions
> manually. Firestarter gives more flexibility in  regards to the rule
set
> (if not designing the rules manually, but you have to be in xwindows
> while FS is doing its thing (pmfirewall has no need for Xwindow). Why
> not try both and see for yourself.

> > > PMfirewall (www.pointman.org)
> > > vs.
> > > Firestarter (http://firestarter.sourceforge.net/ )

> > > who have used both?

> > > which did you like best?

> > > do they work?

> > > comments:

> > I use pmfirewall along with logcheck to check for conditions I should
> > know about. I works great with the interactive setup for pmfirewall
> > automatically setting up a good first firewall. But after looking at
> the
> > features for firestarter i must say it looks good. It is one of the
> few
> > firewalls in linux that allows you to build a firewall ruleset
> > dynamically as you go. This is along the lines of zone alarm for
> windows
> > and ZA is good and easy to use allowing you to interactively build
> your
> > rule set as you go. This is a good method, on first startup zone alarm
> > denies everything in and out and as any traffic tries to leave or
> enter
> > ZA asks  what you  want to do with it and then magically fabricates a
> > rule to accomplish it. It would nice if firestarter worked completely
> > like this (in regards to outbound traffic since some programs and
> > Trojans try to communicate to the outside without your knowledge), but
> > it is a excellent start IMHO and allows the beginner to  interactively
> > build a rule set with out even knowing what a rule is. Pmfirewall
> builds
> > the initial rule set but there on you have to make any
> changes/additions
> > manually. Firestarter gives more flexibility in  regards to the rule
> set
> > (if not designing the rules manually, but you have to be in xwindows
> > while FS is doing its thing (pmfirewall has no need for Xwindow). Why
> > not try both and see for yourself.

> PmFirewall is the quickest way to get a working firewall but some of
> its rules can be improved by manually hacking the file afterwards. In
> particular it doesn't seem too clever when dealing with IDENT
> connections -it goes for an all or nothing approach which isn't too
> brilliant, but you'll have it up and running in 5 mins :-)

> Since I don't run X on any of my server boxes I've not tried FS, and
> won't be.

> To sidetrack a bit ZA has one BIG fault -it should pass private IP
> addresses (since they can't be routed over the internet) but doesn't,
> and you can't persuade it to either! If you have a network with a
> number of machines running samba it will stop them talking to the host.
> I've found no way around this since it doesn't offer to let it thro,
> just says it's blocked it! So ZA brilliant for stand alone machine,
> hopeless for networks -but Steve does say it's a personal firewall so I
> suppose you can't complain.

> Pete

> Sent via Deja.com http://www.deja.com/
> Before you buy.