Hi everyone,

I have been scouring the net and reading books about networking, firewalls, and security in general. I have developed some views on the subject, but I would like to know from the folks here:

In your experience have you found Linux firewalls, e.g. IPTables, to be as reliable as hardware firewalls? If so, do you believe it is necessary to run the Linux firewall on a separate box or can it be on the same box as a web server as long as that box is hardened.

Thanks in advance!
Scott

It depends on what you want to do and what's running behind it. But yes you can build your own box to work as a firewall and it can be faster and more versatile than a hardware one anyway and also a lot cheaper. What you can get away with really depends on it's purpose. A separate box is usually optimal, but it just depends.

It'll be easier to upgrade, and you'll actually know what software/firmware it's running. And iptables has most features you'll need.

However, my BSD friends would argue that you should use OpenBSD.

I would also recommend using two different machines if you can.