[clug-talk] RE: Internet Filtering

Gustin Johnson gustin at echostar.ca
Fri Sep 9 12:48:01 PDT 2005


My P2 400 running linux smokes any of the CISCO gear I have used.  Cheap CISCO
usually means old, which is usually bested by commodity hardware.  I am also
not sold on the security of IOS.  I trust linux and BSD far more (especially
now with SELinux etc).

Its a shame I wasn't involved with CLUG a year ago, I gave a bunch of 
old CISCO
routers and switches away.
-- 
No trees were harmed in the transmission of this message, however a 
large number
of electrons were seriously inconvenienced.


Quoting Shawn <sgrover at open2space.com>:

> These types of firewalls are good for home use.  But the moment you start
> hosting servers, and/or adding in content filtering, they begin to become
> unsuitable.  Sure you can do some port forwarding, but what if you only want
> to forward port 22, for 3 specific IPs, and block everyone else?  The smaller
> boxes usually aren't set up to handle this.  They also do not do content
> based filtering of any sort.
>
> So, they do have their uses, but are not sufficient for what the original
> poster was after (content based filtering).  :)
>
> My IPCop box cost me $0.00.  I'm using an old P166 that was given to me, and
> the software was free.. <grins>.  That said, I would love to come across one
> of the higher end Cisco IOS routers (hardware router) for dirt cheap -
> hardware routing is SO sweet...  But IPCop does everything I need for now,
> and then some...
>
> My thoughts...
>
> Shawn
>
> On Friday 09 September 2005 11:39, Greg King wrote:
>> There is no question that a software based firewall like IP Cop is
>> powerful, but it will never be as cheap as a firewall appliance if you shop
>> around.
>>
>> For example, my son just bought an SMC firewall / router at futureshop for
>> $4.99 after rebates. The GST on the purchase price put it in around $8.50
>> total cost. The box is the size of a small paperback novel, and is a 4 port
>> 10/100 switch as well. It has a stateful firewall with some port and url
>> filtering. He bought it solely to take to X-box gaming parties but I tried
>> it out as a dhcp server, firewall, and router, and it wasn't bad at all. It
>> operated in almost complete stealth mode according to "Shields up" (one
>> identity port open). The power bill alone for a PC based firewall left
>> running 24x7 for a reasonable amount of time is probably greater than the
>> purchase price of this device, which operates with very low power
>> requirements.
>>
>> It's not as interesting to setup/ tweak, but it is very cheap to own and
>> operate.
>>
>> Regards, Greg
>
> _______________________________________________
> clug-talk mailing list
> clug-talk at clug.ca
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying
>



---------------------------------------------------
This message was sent using Echostar Secure Webmail

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: PGP Digital Signature
Url : /pipermail/clug-talk_clug.ca/attachments/20050909/0dfc982e/attachment.bin


More information about the clug-talk mailing list