Iptables vs. Cisco PIX

Francesco Ciocchetti primero at fastwebnet.it
Sat Apr 9 20:10:24 CEST 2005

Alejandro Cabrera Obed wrote:

>Hi people !!!
Hi :)

I would say that while Iptables is a set of blocks to build a wall,
Cisco PIX is a pre-built wall you just have to paint and let it shine.

Iptables for sure gives a lot of opportunities for configuration and
traffic control that a Cisco PIX does not, and I think it is not possible to
forget that an Iptables firewall is a complete Linux system with all the
advantages this can give, for example a crontab, scripting, and so on.

I think that, as always, the choice depends on what you need from the device.
If you need stateful firewall failover, your choice is made, because
iptables is not ready to do it yet, while Cisco PIX does it in a clear
and fast way.

I would always use a Cisco PIX as border firewall because of its
reliability and performance, and also because I would not do specific or
particular filtering at this level of the network. I would instead use a
Linux/Iptables firewall at 'User Level' because it would let me do
ANYTHING I want, and because at this level I could, maybe, leave the
stateful failover out to have the maximum flexibility possible.


