RE: Multi-media friendly Firewalls

From: carsonat_private
Date: Wed Feb 02 2000 - 07:56:08 PST

    OK, I just can't resist such an easy target. For those of you who
    don't know me, I ported the firewall toolkit to Solaris 2.x many moons
    ago, and have been dealing with Gauntlet for quite some time. Despite
    everything I say below, I have yet to find a better product that has
    source code available and can be configured sans GUI. I just wish I
    didn't have to fight the broken !@#$%%^ software so much to get work

    >>>>> "Staggs" == Staggs, Michael <Michael_Staggsat_private> writes:

    Staggs> stuff we have all grown used to (lazy) and the UNIX flavors still have the
    Staggs> option to edit .conf files and netperm tables should you feel more
    Staggs> comfortable with direct editing.

    And are willing to reverse-engineer the undocumented config file formats.

    Staggs> multiple fw policy console management, a long legacy of NO exploits and an

    *snort* *giggle* You _are_ joking, right? Shall I point out the buffer
    overflows in the old smap code? I'm sure I still have 4.0a source
    around. As of 5.5, the most egregious of the wretched code has been
    fixed, but there's more to do (I mean, really, y'all _still_ can't
    manage to get signal handling right? Sheesh).

    Staggs> intrusion detection/response capability and it is a rock solid performer.

    Except when your kernel mods panic the boxen. Or randomly drop rules. Or...

    Staggs> I work as an eng for NAI, so my opinion is biased, obviously. Check out the

    Performance is decent, if you have big enough iron. Documentation and
    manageability are both fairly bad (assuming you have more than one box
    and need to do anything at all interesting). Code quality was
    horrendous, and is now merely bad. Given a few more revisions and
    another dozen or so patches from me and others and we might even get
    it to mediocre.

    Carson Gaspar -- carsonat_private carsonat_private carsonat_private
    Queen Trapped in a Butch Body

