creating a DMZ -- seeking firewall advice

Ryan Byrd ryanbyrd at
Tue Mar 8 11:50:28 MST 2005

> but hey, you may actually *need* to upgrade for a good reason - but what
> *exactly* do you need that your iptables boxes cannot provide for you (aside
> from the feel-good cisco brand) ?

well, it's possible that a cisco box, running their embedded IOS
instead of linux would be a touch faster, but regardless of whether
it's two linux boxes running iptables or two hardware firewalls, there
are several advantages to having a DMZ for your webservers and hiding
the application and database servers on the inside, don't you think?
Having hardware appliances might make it easier to configure, too,
because, well, all the hardware firewall does is packet filter. No
need to worry about patching/locking down anything else, like you'd
have to consider with a linux box. In a very over-general sense, too,
dedicated tools seem to work better than multipurpose ones (ever tried
to cut down a tree with a Swiss-army knife saw-blade?)

so, does anyone have any experience with hardware firewalls?
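As an added illustration of the three-zone layout the post describes (web servers in a DMZ, application and database servers on the inside), here is an iptables FORWARD policy for a single Linux box with three interfaces. This is example code written for this page, not something from the original thread; the interface names, addresses and ports are assumed for the example, and the point it makes is that the DMZ only earns its keep if the web server's path to the inside is pinned to one host and one port, and nothing from the outside can reach the inside at all.

```shell
#!/bin/sh
# Added example: three-interface iptables DMZ policy (not from the original post).
# Assumed topology (hypothetical, pick your own addresses):
#   eth0 = outside (Internet)
#   eth1 = DMZ      192.0.2.0/24, web server 192.0.2.10
#   eth2 = inside   10.0.0.0/24,  app server 10.0.0.20 listening on 8080,
#                                 database  10.0.0.30 (never reachable from the DMZ)
IPT="${IPT:-iptables}"   # set IPT=echo to dry-run: prints the rules instead of loading them

OUT_IF=eth0; DMZ_IF=eth1; INT_IF=eth2
DMZ_NET=192.0.2.0/24;    INT_NET=10.0.0.0/24
WEB=192.0.2.10;          APP=10.0.0.20; APP_PORT=8080

dmz_rules() {
    # Default deny on the forwarding path: every zone-to-zone flow below is an explicit exception.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    $IPT -t nat -F PREROUTING

    # Return traffic for flows that were already allowed, in any direction.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # outside -> DMZ: only HTTP/HTTPS, only to the web server.
    $IPT -A FORWARD -i $OUT_IF -o $DMZ_IF -d $WEB -p tcp -m multiport --dports 80,443 \
        -m conntrack --ctstate NEW -j ACCEPT

    # DMZ -> inside: only the web server, only to the app server, only on its service port.
    # The database is not listed, so a compromised web server cannot talk to it directly.
    $IPT -A FORWARD -i $DMZ_IF -o $INT_IF -s $WEB -d $APP -p tcp --dport $APP_PORT \
        -m conntrack --ctstate NEW -j ACCEPT

    # inside -> DMZ: ssh for administration and deployment from the internal network.
    $IPT -A FORWARD -i $INT_IF -o $DMZ_IF -s $INT_NET -d $DMZ_NET -p tcp --dport 22 \
        -m conntrack --ctstate NEW -j ACCEPT

    # inside -> outside: ordinary egress for the internal network.
    $IPT -A FORWARD -i $INT_IF -o $OUT_IF -s $INT_NET -j ACCEPT

    # Deliberately absent: outside -> inside (any), and DMZ -> outside initiated by the DMZ.
    # Blocking DMZ egress means a popped web server cannot fetch tools or call home;
    # add narrow exceptions (e.g. a DNS/update host) rather than opening it wholesale.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
    $IPT -A FORWARD -j DROP

    # Publish the web server: rewrite inbound 80/443 on the outside interface to the DMZ host.
    $IPT -t nat -A PREROUTING -i $OUT_IF -p tcp -m multiport --dports 80,443 \
        -j DNAT --to-destination $WEB
}

# Usage:  sh dmz.sh dry-run   (print rules)     sh dmz.sh apply   (load them, as root)
case "${1:-}" in
    apply)   dmz_rules ;;
    dry-run) IPT=echo; dmz_rules ;;
esac
```

Run it with `dry-run` first and read the printed rules against the topology; the quick sanity check is that no printed rule pairs `-i eth0` with `-o eth2`, and that the only rule leaving the DMZ for the inside carries both `-s 192.0.2.10` and `-d 10.0.0.20`.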


