Poll - Firewalls in User

T

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,193
Reaction score
10,233
Location
Nkaaaaandla
Poll - Firewalls in Use

Which firewall are you using to protect your network (more than one computer) or a single computer?

Linux :

1. Smoothwall
2. IPCop
3. m0n0wall
4. Other Linux-based firewall (specify)
5. Why do you use it?
6. What is the specs of the machine running the firewall? (HDD size, CPU speed, RAM size)

Windows :

7. MS ISA (on what windows is it running? NT, 2000, XP, 2003)
8. Sygate (specify which windows it's running on - eg Win95, 98, ME, NT, 2000, XP, 2003)
9. ZoneAlarm (specify which windows it's running on - eg Win95, 98, ME, NT, 2000, XP, 2003)
10. Other Windows-based firewall (specify)
11. Why do you use it?
12. What is the specs of the machine running the firewall? (HDD size, CPU speed, RAM size)

General :

13. Does it have antivirus and antispam filtering enabled?
14. What is the longest uptime for your firewall so far?
15. How do you administrate it? (Putty/WinSCP/Web browser/Remote Desktop)
16. Is it easy to add new rules and remove older rules? (block by IP address or MAC address)
17. Is there a support forum for the firewall? Please give the URL as well.
18. Are the people on that support forum helpful and active?
19. How much money have you spent on it so far?
20. Would you recommend it to other people?
21. Is it easy and painless to install, or is it a complicated procedure? (TIP - Look at the installation procedure from a n00b's perspective)
22. Patches, fixes, modifications and add-ons : Can you obtain and install these quickly should you need these?
23. Which routers/modems do work fine with this firewall?
24. IDS system in use (eg Snort).

And last, but not least, how many firewalls are you running at the moment?
 
Last edited:
I use Smoothwall, running on a 1.2GHz Pentium3, 512Mb RAM and 10Gb HDD.

I use it because it is free, easy to use and the Smoothwall community at www.smoothwall.org/forum is very active and full of friendly, helpful people.

It do have an antivirus and antispam mod, although I am using the antivirus mod more, and disabled the antispam mod as we are using Symantec Mail Security.

I administrate mine with a mixture of Putty, WinSCP and Firefox (web GUI front-end).

To add or remove rules is easy with the Full Firewall Control mod - I can block by IP address as well as by MAC address, and also I can selectively open or block ports.

I also have installed the Snort IDS system, it blocks portscanners automatically :D

So far the money we've spent on it was for the memory upgrade. The PC was salvaged from a room full of mothballed PC's.

I will recommend it highly to other people, once you've set it up, you can forget about it.

The installation is painless, although a noob will do well to read the manuals first to get an good understanding on the terminology used, and on how to access it.

As for modifications and add-ons, most of these is supported by their respective authors on the Smoothwall forums, and most of these also have a step-by-step HOWTO on how to install the modifications. And, should you get stuck, the author of the mod (or somebody else) will be willing to help you to resolve the problem.

I'm running 4 Smoothies at the moment (one at home, one at work, and two at two clients). Might need to install a second Smoothie at a later stage at work.
 
Last edited:
OSX - built in firewall.
 
IPCop

P1 - 233
96MB Ram
3 GB HDD

No antivirus plugins installed (moslty running Linux and OSX Clients)

Max uptime between 3 to 4 Months, thanx to Eskom (no UPS) or some software updates that needed a reboot (never had to bounce the box to fix an connection issues)

Admin through ssh and web interface.

Easy to add/remove rules. (my setup is very basic)

Not sure about support (did'n need any for the last 15 months)

No money spend.

Would recommend.

Easy setup. (if you know the basics of a FW)

There are some plugins available and not hard to install.

FW connected to iBurtst UTD


Only have 1 box installed @ home.
 
Centos 4.3 running on an old Celeron with 256 MB memory, which was unusable from a windows / work perspective. HDD 80GB. I chose a complete distro because it also functions as a NAS, OpenVPN, Mail, FTP, Proxy, etc server.
Spam filtering managed at domain level. 4 Windows XP machines have windows software firewall active, as well as AVG and windows defender running on each. Snort on the linux box watches the inside of the network. Perhaps a little anal retentive for a home system, but I was taught by guys who protect way more critical networks. Anyway, I also did it for the experience.

Uptime: Never had to restart, but switch it off once every month or so, when I go away for a weekend or on holiday.
Admin: VNC on internal network, Putty / Webmin from outside (over VPN).
Firewall rules are a piece of cake with Turtle firewall (Webmin module)
Support: www.google.com. Very helpful.:) . Local networking guys are a phone call away.
Money spent: Nil since salvaging the machine from my garage.
Recommend / Ease of installation: Basic installation was completed in an afternoon, but needed some knowledge of networking. I think a noob should probably rather go for a firewall distro like smoothwall, but then I wanted the extra bells and whistles. Steep learning curve if you only know windows. I would certainly recommend the system to a more knowledgeable person.
Patches etc: Yum. Pretty automatic.
ADSL Router: Marconi. Needs a reboot once in a while.

One hardware firewall, 4 software firewalls on windows boxes.
 
Whoopsy... forgot about Snort... updated the list... :o

I think Snort should be a standard installation on all Linux boxen as it will frustrate the portscanners out there. :D
 
Last edited:
Snort is an IDS. Do you think port scanners care about snort? Any port scanner contemplating attempting to hack your box from his actual IP is just a youngster, What is snort going to do, tell you 50 million ppl scanned your box on any given day? There is no intrusion prevention in snort, it doesn't frustrate anybody scanning you is what I'm trying to say.Somebody hacking you, sure, but this is considering if they need to retain access to that network they have compromized while remaining quiet, which is not port scanning.
Sorry, couldn't resist. *grins*
 
Doh...

Bah...

(bangs head on desk)

Too much things clogging up my brain.

In Smoothwall, you have an Reactive Firewall mod - this is coupled with Snort to block portscans.

Apologies for my mistake. :o :o
 
Which firewall are you using to protect your network (more than one computer) or a single computer?

Linux :

** I use IPCop

5. Why do you use it?
** Just comfortable with a linux firewall, IPcop seemed to allways be rated excellent. Once I installed it never found the need to look for anything else.

6. What is the specs of the machine running the firewall? (HDD size, CPU speed, RAM size)
** AMD Athlon 900mh 512meg, 20gig HDD


General :

13. Does it have antivirus and antispam filtering enabled?
** I have installed the Copfilter Add-on - Has all of the above.

14. What is the longest uptime for your firewall so far?
** Lol!! Depends on Eskom, but have had it on for a good couple of weeks at times. But Generally reboot it myself every couple of days if I remember.

15. How do you administrate it? (Putty/WinSCP/Web browser/Remote Desktop)
** Putty, WinscP, Web browser(local and Remote)

16. Is it easy to add new rules and remove older rules? (block by IP address or MAC address)
** Not too easy, either have to be an expert in IPtables, or install an add-on that will do it for you with pretty nice front end.

17. Is there a support forum for the firewall? Please give the URL as well.
** http://www.ipcops.com/

18. Are the people on that support forum helpful and active?
** Never really used it

19. How much money have you spent on it so far?
** R0-00 (excluding bandwidth)

20. Would you recommend it to other people?
** Absobloodylootley

21. Is it easy and painless to install, or is it a complicated procedure? (TIP - Look at the installation procedure from a n00b's perspective)
** 4.5/10 where, 10 - Very Easy to install, 1 - Need engineering degree to install


22. Patches, fixes, modifications and add-ons : Can you obtain and install these quickly should you need these?
** Very easy

23. Which routers/modems do work fine with this firewall?
** Any ethernet one I guess, havent tried a USB one, not sure if it will work.

24. IDS system in use (eg Snort).
** Yes, built it

And last, but not least, how many firewalls are you running at the moment
** IPcop at the gateway, Each PC also has NOD32 and windows firewall also on.
 
1. IP-Cop with iburst broadband.
2. 5 Pc's with zonelabs + avast AV.

IP Cop , battled with the install at first but after reading through the forums managed to get it sorted. Problems only one thanks to escom - PSU had to be replaced.

Smoothwall 3.0- DeGu is going to be my next test.
Clarkconnect - is also something to have a look at http://www.skullbox.net/clarkconnect.php
 
I currently admin 4x pfSense boxes, with Snort IDS on the Jawug network - Hardware ranging from P2 366, 128mb ram, 4gb disk, all the way up to AMD 800mhz, 512mb ram, 10gb disk...

I am a big fan of IPCop, but pfSense just seems to be ringing my bell lately!
 
I dont use a firewall. Anyone who can hack on to my windows box using my ADSL line, and get it to do anything before it crashes, is a genius and should be commended!

Ok, jokes aside:

Mikrotik Router OS built in firewall. Running on what is either a P1 or P2 with probably 32MB of RAM and a old 4GB HDD.
Longest up time is in months for sure - I had to reboot last night after I stupidly killed some important stuff and had to restore from backup :-[
 
2 Win XP pc's (laptop & desktop)
10. Other Windows-based firewall (specify): Sunbelt Kerio
11. Why do you use it? Was recommend on Steve Gibson's Security Now podcast
12. What is the specs of the machine running the firewall? (HDD size, CPU speed, RAM size) 40g 2.4/8 2g

General :

13. Does it have antivirus and antispam filtering enabled? antispam
14. What is the longest uptime for your firewall so far? about a year, since I bought it
15. How do you administrate it? (Putty/WinSCP/Web browser/Remote Desktop) Seldom change filter rules
16. Is it easy to add new rules and remove older rules? (block by IP address or MAC address) yes
17. Is there a support forum for the firewall? Please give the URL as well.
Probably, dont use it.
18. Are the people on that support forum helpful and active?
19. How much money have you spent on it so far? Initial cost US$20 (special)
20. Would you recommend it to other people? Yes
21. Is it easy and painless to install, or is it a complicated procedure? (TIP - Look at the installation procedure from a n00b's perspective) Easy to install, hard if you use advanced and set up rules yourself
22. Patches, fixes, modifications and add-ons : Can you obtain and install these quickly should you need these? auto checks for updates.


And last, but not least, how many firewalls are you running at the moment? 2
__________________
 
At home:
Linux box with some custom iptables rules. Nothing much really.
248days uptime on it. I had to turn it off to move things around.
I admin it by SSH. Manually editing the bash script that I wrote to insert/edit rules. Its the only way to make sure that things are set up exactely the way I want them :P
Support? (www.netfilter.org is all you'll need)
Its not easy to install, and it certainly isn't easy to configure if you're new to it. Its a custom built system, so if I want it to do something, I'll make it do it, no matter how much work/kludge is required.
I run Snort on it, but just for curiosity.
I do a fair amount of traffic prioritisation on it for VoIP traffic, using TC. (www.lartc.org is your friend if you want to go down this path)


At work:
Horribly expensive Juniper Netscreen SSG550.
( http://www.juniper.net/products_and_services/firewall_slash_ipsec_vpn/ssg_500_series/ )
Only just got one for testing, as the Sonicwall Pro 4060 was playing up (couldn't handle as much throughput as we wanted... it would reboot about 4 times a day on its own)
Seems nice and friendly. Pretty admin interface. Dead easy to use.
It does content filtering, virus scanning, on HTTP and FTP traffic.
Does virus scanning and spam/scam/phishing scanning on mail.
Proper site-to-site and roadwarrior VPN support.
DoS protection.
And it has full support for failover scenarios if you have more than one.
And my favourite... 4xgbit interfaces. (The sonicwall only had 100mbit interfaces)
 
Using ZoneAlarm Pro on my Windows XP server.

Antispyware enabled, longest uptime, about 6 days :D
Administrate? :P
Difficult to set up and change, but well worth it I'm sure ;)
 
3 X IPCop (Dual 2.8Ghz Xeon, 2Gb Ram, 8 x 100/1000 Intel server ethernet interfaces)
Using Options such as OpenVPN, URL-Filter, Snort, Block-Out-Traffic, SARG.

Will put number 4 in service shortly

One lonely Checkpoint NGX Firewall - Based on our Mother Companies Diskless Technology. Completely static no spinning disk to fail.
 
Good to see this is still running :D

There's a couple of names I haven't heard before... Checkpoint NGX and Juniper Netscreen :D
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X