Firewall Rule-set Advanced Features Comparison
| Can: | work at OSI Layer 4 (stateful firewall) | work at OSI Layer 7 (application inspection) | Change TTL? (Transparent to traceroute) | Configure REJECT-with answer | DMZ (de-militarized zone) - allows for single/several hosts not to be firewalled. | Filter according to time of day | Redirect TCP/UDP ports (port forwarding) | Redirect IP addresses (forwarding) | Filter according to User Authorization | Traffic rate-limit / QoS | Tarpit | Log |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IPFire | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
| Sidewinder | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Untangle | Yes | Yes (Some modules) | No | No | Yes | Yes (With Policy manager) | Yes | Yes | Yes | Yes | Yes | Yes |
| WinGate | Yes | Yes | Yes | No | Yes | Yes | Yes | No | Yes | Yes | No | Yes |
| Zeroshell | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
| Zentyal | Yes | Yes | No | No | Yes | No | Yes | Yes | No | Yes | No | Yes |
- NOTE: Because Linux Iptables is text-based firewall, you can "Filter according to time of day" by using additional 3rd party tools, like expect automation tool and cron jobs.
- Windows firewall may be scripted with scheduled tasks.
- Configured by system policy
| Features: | Configuration: GUI, text or both modes? | Remote Access: Web (HTTP), Telnet, SSH, RDP, Serial COM RS232, ... | Change rules without requiring restart? | Ability to centrally manage all firewalls together |
|---|---|---|---|---|
| IPFire | both | Web (HTTPS), SSH, RS232 | Yes | No |
| Untangle | both | SSH (Not enabeld by default), Web GUI, | Yes | Yes |
| WinGate | GUI | Proprietary user interface | Yes | |
| ClearOS | both | RS232, SSH, WebConfig, | Yes | Yes with ClearSDN |
| Zeroshell | GUI | SSH, Web (HTTPS), RS232 | Yes | No |
| Zentyal | GUI | SSH, Web (HTTPS) | Yes | Yes with Zentyal Cloud |
- NOTE: Because Linux Iptables and Cisco ACL are text-based firewalls, you can centrally manage them all-at-once by using additional tools, like KDE Konsole or expect automation tool.
- NOTE: Due to the distributed nature of the Checkpoint architecture, no single interface is used exclusively. Security, NAT and VPN configuration is always done using the proprietary GUI, however basic IP networking and routing configuration of individual firewalls could be done using SSH or the Web interface.
Read more about this topic: Comparison Of Firewalls
Famous quotes containing the words advanced, features and/or comparison:
“Predatory capitalism created a complex industrial system and an advanced technology; it permitted a considerable extension of democratic practice and fostered certain liberal values, but within limits that are now being pressed and must be overcome. It is not a fit system for the mid- twentieth century.”
—Noam Chomsky (b. 1928)
““It looks as if
Some pallid thing had squashed its features flat
And its eyes shut with overeagerness
To see what people found so interesting
In one another, and had gone to sleep
Of its own stupid lack of understanding,
Or broken its white neck of mushroom stuff
Short off, and died against the windowpane.””
—Robert Frost (1874–1963)
“Intolerance respecting other people’s religion is toleration itself in comparison with intolerance respecting other people’s art.”
—Wallace Stevens (1879–1955)