[_] Firewall recommends anyone?

Matt Hamilton matth at
Tue Jun 17 13:07:00 BST 2003

On Tue, 2003-06-17 at 12:43, Peter Marshall wrote:

> >You could keep it as simple as a linux box, or you could go full out
> >and go for FW1
> Correcto, that's why I was consulting with the great and good of Underscore to help prune the decision tree

If you've got a bit of Unix nous there, then you could try OpenBSD.
The stateful packet filter in it is pretty awesome. It won't do packet
inspection though like FW1 and friends can do (e.g. that looks like a
packet from worm X, I'll drop it). However, if you want to roll your
sleeves up a bit, take a look at Hogwash. It is a bit of software that
uses the Snort IDS engine to inspect packets in real time and can do
clever things (e.g. we are being port scanned by X, let's drop all of their
packets). It can be set up as a bridging firewall too, i.e. just plug it
inline on your ethernet; you don't need to set up IP addresses etc.


Matt Hamilton matth at
Netsight Internet Solutions, Ltd. Business Vision on the Internet +44 (0)117 9090901
Web Hosting | Web Design | Domain Names | Co-location | DB Integration