Talk:Comparison of firewalls: Difference between revisions
No edit summary |
|||
Line 1: | Line 1: | ||
{{computing|class=start|importance=low}} |
{{computing|class=start|importance=low}} |
||
==Unreferenced== |
|||
I have 'unreferenced'ed the article because there is not one 'yes' or 'no' in any of |
|||
its tables that is supported by a reference, and I can see material already here on |
|||
the talk page that questions some of them. I myself have not been able to verify |
|||
the claim that IPFilter supports rate limiting, as just another example. Maybe it can, |
|||
but if it's that hard for me to find a reference that confirms it, probably the article |
|||
needs to source the claim. |
|||
One could wonder how thorough to expect the references to be. The reference for a |
|||
'no' in a table might be tricky (unless the product's documentation clearly says |
|||
the product can't do that, or a reliable review can be cited where the product was |
|||
found to be unable to do that). But it might not be unreasonable to say that a 'yes' |
|||
in a table ought to be backed by citing some clear statement in product documentation, |
|||
a FAQ/howto, or user forum posting, that demonstrates how the product can do that. |
|||
Maybe there should be a don't-know value, for features the product can't verifiably |
|||
be shown either to have or not to have. |
|||
The rest of this talk page, so far, seems to reflect multiple facts in dispute |
|||
by earlier editors. I've added a 'disputed' to the article, referring to the |
|||
'several relevant sections' here. |
|||
==Start== |
==Start== |
Revision as of 22:34, 1 December 2009
Computing Start‑class Low‑importance | ||||||||||
|
Unreferenced
I have 'unreferenced'ed the article because there is not one 'yes' or 'no' in any of its tables that is supported by a reference, and I can see material already here on the talk page that questions some of them. I myself have not been able to verify the claim that IPFilter supports rate limiting, as just another example. Maybe it can, but if it's that hard for me to find a reference that confirms it, probably the article needs to source the claim.
One could wonder how thorough to expect the references to be. The reference for a 'no' in a table might be tricky (unless the product's documentation clearly says the product can't do that, or a reliable review can be cited where the product was found to be unable to do that). But it might not be unreasonable to say that a 'yes' in a table ought to be backed by citing some clear statement in product documentation, a FAQ/howto, or user forum posting, that demonstrates how the product can do that. Maybe there should be a don't-know value, for features the product can't verifiably be shown either to have or not to have.
The rest of this talk page, so far, seems to reflect multiple facts in dispute by earlier editors. I've added a 'disputed' to the article, referring to the 'several relevant sections' here.
Start
Incorrect! Netfilter (iptables) _does_ support MAC address filtering.
Pretty poor. What about ZoneAlarm, Symantec, Sunbelt Kerio, Comodo and some of the other big ones?
--- Not only that, much of the information is misleading. Checkpoint's features are incorrectly listed on the page
--- --- Agreed, the Checkpoint features are either wrong or severely outdated. I'm going to update that most obvious.
No anti-virus/IDS/sniffer on windows? Poor... at best... If we're counting in add-on software for Linux (wireshark, openvpn) let's do it too for windows. Updating on that. After second analysis, pretty much all info here is incomplete at best. Even though my personal knowledge is limited to Windows and Linux, I believe that iptables supports all features listed in the comparison. Of course Windows XP not being in a server family perhaps shouldn't even be in the comparison (perhaps Windows Server family) and even then, using third-party, I believe that most features can be supported. Given that portability of Linux software, a wide range of network applications have been ported to the Win32 architecture (nmap, ethereal, name them...).
I think that this article should also mention if the firewalls in question are open source or cost money to use. Dedderek 23:00, 12 February 2007 (UTC)
-TODOs:
-add performance comparison tables
-add linked pages with configuration examples. This will make this page popular among network & security students & professionals.
-add more firewalls software to the tables (especially Norton Personal Firewall, BlackICE and ZoneAlarm)
-by Fenix*NBK*, 2.10.2006. (for questions email me at al4321@gmail.com)
-add iptables extentions such as NuFw
-add versions of the compared software
- separate personal firewalls from network firewalls
iptables does MAC filtering, inbound and outbound filtering.
- what about pf
- what about nufw that is a userspace firewall for linux
- what about isafer a personal free software firewall for linux
This article is WRONG. You are only comparing software based firewalls. Quality firewalls are alwasy hardware based at the enterprise level. - Define a hardware firewall...many hardware firewalls are simply standard systems in a box with a proprietary OS. (PIX for example - and some versions even use Linux). It is also important to note that we a talking about layer 3 firewalls and not at the application layer. —Preceding unsigned comment added by 203.94.167.145 (talk) 09:30, 18 September 2007 (UTC)
Missing software firewall
- please add the "Ashampoo Firewall Free" - this is free windows firewall with good capabilities as for being free - it's power and simple at once
- also please add the version PRO too (it needs to be paid)
- I went here from PL wikipedia which has no such article, and I saw the article is much a scratch - it's missing many data, it's not in any chance so good as other wikipedia's comparisions but it IS PRESENT - so keep work to make it better
- — Preceding unsigned comment added by 87.206.55.75 (talk • contribs)
- Thanks for your suggestion. When you believe an article needs improvement, please feel free to change it. You can edit almost any article on Wikipedia by just following the Edit link at the top of the page. We encourage you to be bold in updating pages, because wikis like ours develop faster when everybody edits. Don't worry too much about making honest mistakes—they're likely to be found and corrected quickly. You can always preview your edits before you publish them or test them out in the sandbox. If you need additional help, check out our getting started page or ask the friendly folks at the Teahouse.
- --Hm2k (talk) 12:17, 22 September 2009 (UTC)
- I'm not feel good in adding info - it would be incomplete (there are many tables which I mean hard to fill) and getting proper sources is horrible for me, so I prefered to only point it out, perhaps somebody would do it better than me :) —Preceding unsigned comment added by 84.10.195.81 (talk) 20:00, 16 October 2009 (UTC)
Not only wrong, but incomplete
Even if we restrict ourselves to software firewalls, where are eEye and Kaspersky and the rest?
Either a a lot of work needs to be done on this page or it needs to be severely pruned. Partial and incorrect comparisons do not serve anyone well.
--24.218.195.92 21:07, 19 October 2007 (UTC)
Peerguardian itself is totally NOT a firewall, and couldnt be considered as one, even after a few drinks. Page does need a rewriting, pretty badly. --Hard Core Rikki (talk) 11:16, 25 February 2008 (UTC)
- I have looked at the Peerguardian stuff, and it doesn't mention anything about it being a firewall. It looks like a IP blacklister for browsing the web, with no packet-based filtering abilities at all. I'm removing it from the article. It's also not mentioned later on the other tables, anyways --Enric Naval (talk) 13:28, 28 February 2008 (UTC)
Wrong information about Cisco IOS
The Cisco IOS, since 12.4 version has many new security features. Besides, Cisco IOS, is certified ICSA IPS and ICSA Firewall. —Preceding unsigned comment added by 41.226.235.252 (talk) 14:42, 20 October 2007 (UTC)
Sygate Missing??
Sygate is one of the best free firewalls in my opinion. Why isn't it in this list? Has it just not been added yet? --Rob (talk) 16:48, 4 June 2008 (UTC)
- Sygate Technologies was adquired by Symantec, altough a free version of the firewall still exists. It was somewhat notable, I think, so I'm adding it. --Enric Naval (talk) 17:14, 13 September 2008 (UTC)
GUI for Uncomplicated Firewall
Could some add GUI for Uncomplicated Firewall to this list? I'm still not very experienced with wikitables yet... SF007 (talk) 15:58, 13 September 2008 (UTC)
- It's very recent, let's wait until it becomes notable. --Enric Naval (talk) 17:16, 13 September 2008 (UTC)
Program-specific rules
One of these tables should have a column that says whether a firewall can block a specific program. Meneth (talk) 14:19, 28 September 2008 (UTC)
Changes
The topic is labelled Comparison of Firewalls, yet labels the initial list of firewall software as only "Personal Firewalls". This is misleading at best, since there is then nowhere to put firewalls that are not personal firewalls, and the page is not advertised (as per links at the bottom of many firewall-related pages) as being purely for personal firewalls. —Preceding unsigned comment added by 222.155.129.235 (talk) 03:18, 24 August 2009 (UTC)
- I wouldn't say it's misleading. Although the page may be incorrectly labelled or lacking information on other types of firewalls. Feel free to fix this. --Hm2k (talk) 09:04, 24 August 2009 (UTC)
What does "Change rules without requiring restart" mean?
Could someone define it better? I disagree with statement that pf and ipfilter doesn't support it. You don't have to turn off the firewall to reload them. Both of them also allow of adding/removing individual rules to existing ones while running, on top of that pf also has anchors (i.e. subrules) that can be used to update ruleset on the fly (it's for example used by pfauth to add new rules when user logs in). So I don't understand what else those firewalls need to do to have "yes" in that column. I'm changing the entries to "yes" if you disagree, please comment here. Takeda (talk) 21:03, 6 September 2009 (UTC)
Non-Firewall extra features comparison: Add IPS
Today we speak a lot of IPS : http://en.wikipedia.org/wiki/Intrusion-prevention_system . And the IPS are integrated in firewall, outpost pro act as an ips. I don't know for all the other, but this is a feature that should be add somewhere.
And the point is : is it or not an extra feature ? To me, an IPS is part of a true firewall, or today's definition of a firewall.
--Kalki101 (talk) 20:26, 25 November 2009 (UTC)
Snort , with snort inline is also an IPS. --Kalki101 (talk) 10:02, 30 November 2009 (UTC)