05-29-2004, 10:24 AM
|
|
Newbie
|
|
Join Date: May 2004
Location: Plano, TX
Posts: 14
|
|
I'm currently using shorewall as my firewall of choice. However, I am curious as to whether APF is better or if there are any other firewalls that did more than shorewall does. I've been please with shorewall and its relatively easy configuration and maintenance.
thanks!
__________________
Tommy Elliott
Hello & Co! - It all starts with Hello !
HelloandCo.com | HelloHost.com | HelloHost.co.uk | HelloDomains.net | HelloServers.com | Hello-Designs.com | HelloDev.net | HelloNetworks.net | eHello.net | HostingNames.net | 1-888-88-HELLO
|
05-30-2004, 03:30 AM
|
|
Web Hosting Master
|
|
Join Date: Jul 2002
Location: USA
Posts: 1,124
|
|
I am not familiar with shorewall, but APF is excellent. I recemmend you try it out! 
|
05-30-2004, 03:32 AM
|
|
I like ice cream
|
|
Join Date: Mar 2003
Location: California USA
Posts: 11,634
|
|
shorewall is ok, i recommend APF over it although, alot more features.
|
05-30-2004, 03:48 AM
|
|
Junior Guru Wannabe
|
|
Join Date: May 2004
Location: India
Posts: 91
|
|
I really like bastile Firewall. In my opinion it is the best more than any other firewall. It is very stable really. Can give a try.
__________________
Helpdesk : Sir, you need to add 10GB space to your HD , Customer : Could you please tell where I can download that?
|
05-30-2004, 04:52 AM
|
|
WHT Addict
|
|
Join Date: Jun 2003
Posts: 148
|
|
|
05-30-2004, 11:50 AM
|
|
Web Hosting Master
|
|
Join Date: Jul 2002
Location: USA
Posts: 1,124
|
|
Kiss and Bastille lack the features that APF offers.
|
05-30-2004, 12:20 PM
|
|
Newbie
|
|
Join Date: May 2004
Location: Plano, TX
Posts: 14
|
|
Well, I'm gonna give APF a try and see how it goes. From what I've seen...it seems APF is the way to go So i'll go that way...for now. :p
__________________
Tommy Elliott
Hello & Co! - It all starts with Hello !
HelloandCo.com | HelloHost.com | HelloHost.co.uk | HelloDomains.net | HelloServers.com | Hello-Designs.com | HelloDev.net | HelloNetworks.net | eHello.net | HostingNames.net | 1-888-88-HELLO
|
05-30-2004, 12:54 PM
|
|
WHT Addict
|
|
Join Date: Jun 2003
Posts: 102
|
|
One of the things I noticed in apf is the rigidity in the following lines for denying hosts on a range of ports:
# Syntax:
# proto:flow:[s/d]=port:[s/d]=ip(/mask)
# s - source , d - destination , flow - packet flow in/out
This makes it difficult to specify a range of ports and hence we have to use external rules explicitly on top of apf after it is run. This makes it difficult to get the rules saved unless it is saved to the iptables ruleset. If anybody has suggestions, please let me know.
__________________
Dream, Envision, Enrich the world
|
05-30-2004, 01:08 PM
|
|
WHT Addict
|
|
Join Date: Jun 2003
Posts: 102
|
|
Editing tcp.rules file is an option, but I think deny_hosts.rules should have had it if they mean to automate that.
__________________
Dream, Envision, Enrich the world
|
07-15-2005, 07:56 AM
|
|
Junior Guru
|
|
Join Date: Dec 2002
Location: Canada
Posts: 197
|
|
Quote:
Originally posted by thelinuxguy
shorewall is ok, i recommend APF over it although, alot more features.
|
Last time i checked shorewall has lots more features then apf, apf lacks many stuff, and which shorewall has organized way
for example
ip forwarding
seperate zones
nice policy arrangement
and more
both interface to iptables, but shorewall really organized iptables frontend firewall, but apf does not even get close.
but apf cover the simple dedicated hosting server needs, but when you come to secure the network shorewall makes your life easy with iptables
|
07-15-2005, 08:09 AM
|
|
Newbie
|
|
Join Date: May 2004
Location: Plano, TX
Posts: 14
|
|
shorewall and brute force protection
I know that APF is highly recommended and I'm still on the fence as to whether to switch to APF from my current install of shorewall.
However, I really want a good BFD solution. I've found one for shorewall, but it seems really incomplete and required some custom scripting on my part (not that I mind).
Does anyone know of a good all around BFD tool set? Or even one that prefers one firewall to another (to give me a reason to switch if it isn't shorewall).
Thanks in advance!
Tommy
__________________
Tommy Elliott
Hello & Co! - It all starts with Hello !
HelloandCo.com | HelloHost.com | HelloHost.co.uk | HelloDomains.net | HelloServers.com | Hello-Designs.com | HelloDev.net | HelloNetworks.net | eHello.net | HostingNames.net | 1-888-88-HELLO
|
07-15-2005, 08:16 AM
|
|
Community Guide
|
|
Join Date: Dec 2002
Location: The Shadows
Posts: 2,900
|
|
The Developer of APF also makes BFD, which is a brute force detection system.
As you can guess, they are ment to integrate.
__________________
Dan Sheppard ~ Freelance whatever
|
07-15-2005, 09:56 PM
|
|
Web Hosting Master
|
|
Join Date: Dec 2004
Location: Canada
Posts: 1,076
|
|
I prefer Shorewall. The configuration files seem much more organized to me, and by their nature seem to allow more flexibility. But I actually use it as a firewall, not just as protection on a server box. It's also got much nicer, more comprehensive documentation & website.
|
Related posts from TheWhir.com
|
| Title |
Type |
Date Posted |
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
| Postbit Selector |
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
|
| Login: |
|
|
| Advertisement: |
|
|
| Web Hosting News: |
|
|
|
