[plug] Firewalls

[Michael Hunt]

> I have looked at Mason and PMFirewall in the last few days.
>
> Mason is supposed to learn the pattern of use of the network, and
> build rules
> to suit.  I guess you have to hope you're not being cracked at
> the time Mason
> is learning the rules!  It's supposed to be the duck's nuts but I found it
> stopped my network when I implemented it after a couple of hours
> of learning.
>
> PMFirewall in comparison asked a few questions to configure itself.  On
> firing it up I found I still had my WAN facilities, but I wasn't totally
> impressed by the ipchains it had configured - I thought there
> would have been
> a few more DENYs about for the well known cracking ports.
>
> Any comments on these or other packages?

PMFirewall was good when I used it a while ago (nearly two years ago). It
wasn't the 'ultimate firewall soloution' but it was a good starting point
(espoecially as I was learning IPChains and firewalling in general at the
time). Nowdays I would recommend Bastille (or OpenBSD for the really really
security conscious). The only only downside to Bastille is that you tend to
find that it builds a prison that you can't escape from !!!

Michael Hunt