I'm running several web, email, etc. services behind a very detailed iptables firewall. Granted, for me though, the firewall is its own server protecting a private net.
I wouldn't do it any other way, well, except something similar using FreeBSD and ipfilter.
Personally, I don't trust those boxed firewalls; iptables is so configurable, especially in options where boxed firewalls don't protect, like source-routed packets and other routing trickery. Plus, I've yet to see one that can offer the NAT'ing options to the excess that I use, or prerouting tables, for that matter.
-- Jason k Larson
Luis Lebron wrote:
I know there is a lot of expertise on running web servers in this group. So, I'm going to ask a couple of questions.
I am currently running a public web server with an iptables firewall. A security
consultant has suggested that we buy a separate firewall for the firewall
instead of running iptables. He recommended a Symantec VelociRaptor or one
of their firewall appliances.
Does this sound like good advice? Are there any other models we should look
at?
thanks,
Luis R. Lebron
-- PHP General Mailing List (http://www.php.net/)