Firewall Software

From Info Wiki
Revision as of 10:53, 21 September 2012 by Rpeters (talk | contribs) (outlined packet-filtering firewalls)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Packet-Filtering v Router

a perenniel question is whether it is preferable to run a packet-filtering style firewall on each workstation/laptop/pocket-PC or to use a single "hardware" router to protect the whole LAN



  • no additional hardware, cost, wattage
  • zero acreage


  • generally less "hardened"
    • many more background prolcesses need to be running to support user apps


Most Linux include a packet-filtering style firewall

  • usually activated, by default
    • but check
  • efficacy likely to be similar
    • based on iptables
    • may also include ip6tables and ebtables
  • administrative interface specific to distribution
    • "Guarddog" in KDE provides consistent interface


citation needed


citation needed


Although these are typically a separate hardware item they are not necessarily an additional hardware item, often being combined with an ethernet switch and/or DSL modem


  • generally more "hardened"
    • by eliminating many background prolcesses that are not needed to support user apps
  • single point of installation, configuration and update
  • provides protection to "visiting" laptops etc


  • possible additional hardware, cost, wattage
    • although often combined in a single unit with modem and/or ethernet switch
  • sporadic updates for commercial units
    • OTOH frequent updates available for DIY units


  1. most households now have more than one device accessing the Internet
    • a separate Gateway/Router device makes sense in this scenario
  2. portable devices (laptops, sub-compacts etc) should additionally have a filtering firewall enabled
    • should not conflict with router, when at "home-base"

For further recommendations see (Gateway_Router)

Rpeters10:53, 21 September 2012 (EST)