> >But seriously. The out of the box firewall tool from SuSE
> >6.x is not perfect, but quite decent.
> Can you be more specific? I like to no what isn't perfect about
> SuSEfirewall, because I use it myself. And do you think, say
> PMFirewall is a better product?
I never use PMFirewall. So, I can't comment on that.
But seriously. If you depends/relies on a piece of codes to
secure everything, you'll be in for a hugh surprise.
The fact is: If you can code it, somebody can, and will
So, you can only make your network/servers less easy to
break, and hopefully, will make the cracker to give up
because it's taking him/her too much time/efforts to try to
compromise your box.
By playing around with several major distros, I've found
SuSE's out of the box firewalling to be quite decent,
especially if one knows what he/she is doing and activated
the hardening rules as well. I believe it will stop most
casual crackers, but the really determined and knowledgable
ones can, and will be able to crack it.
BTW. Check out the LIDS project that is developed by a kid
from China and another guy from eastern Europe. Very
interesting shits there, kernel level detection and
response. Search for that at freshmeat.
> >> FWIW, there is an updated version of the firewals package on
> >> SuSE's ftp site under updates
> Or the newest at http://www.suse.de/~marc
> SuSE Linux 2.2.7 at linux-wd on a i586
> 2:00pm up 85 days, 1:59, 0 users, load average: 0.03, 0.01, 0.00