Talk:Comparison of firewalls

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Software / Computing  (Rated Start-class)
WikiProject icon This article is within the scope of WikiProject Software, a collaborative effort to improve the coverage of software on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
 
WikiProject Computer Security / Computing  (Rated Start-class, High-importance)
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 High  This article has been rated as High-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
 

Unreferenced[edit]

I have 'unreferenced'ed the article because there is not one 'yes' or 'no' in any of its tables that is supported by a reference, and I can see material already here on the talk page that questions some of them. I myself have not been able to verify the claim that IPFilter supports rate limiting, as just another example. Maybe it can, but if it's that hard for me to find a reference that confirms it, probably the article needs to source the claim.

One could wonder how thorough to expect the references to be. The reference for a 'no' in a table might be tricky (unless the product's documentation clearly says the product can't do that, or a reliable review can be cited where the product was found to be unable to do that). But it might not be unreasonable to say that a 'yes' in a table ought to be backed by citing some clear statement in product documentation, a FAQ/howto, or user forum posting, that demonstrates how the product can do that. Maybe there should be a don't-know value, for features the product can't verifiably be shown either to have or not to have.

The rest of this talk page, so far, seems to reflect multiple facts in dispute by earlier editors. I've added a 'disputed' to the article, referring to the 'several relevant sections' here. —Preceding unsigned comment added by 128.210.4.22 (talk) 22:34, 1 December 2009 (UTC)

I found this : [1] (2003 ... ) --Kalki101 (talk) 22:30, 26 December 2009 (UTC)

Start[edit]

Incorrect! Netfilter (iptables) _does_ support MAC address filtering.

Pretty poor. What about ZoneAlarm, Symantec, Sunbelt Kerio, Comodo and some of the other big ones?

--- Not only that, much of the information is misleading. Checkpoint's features are incorrectly listed on the page

--- --- Agreed, the Checkpoint features are either wrong or severely outdated. I'm going to update that most obvious.

No anti-virus/IDS/sniffer on windows? Poor... at best... If we're counting in add-on software for Linux (wireshark, openvpn) let's do it too for windows. Updating on that. After second analysis, pretty much all info here is incomplete at best. Even though my personal knowledge is limited to Windows and Linux, I believe that iptables supports all features listed in the comparison. Of course Windows XP not being in a server family perhaps shouldn't even be in the comparison (perhaps Windows Server family) and even then, using third-party, I believe that most features can be supported. Given that portability of Linux software, a wide range of network applications have been ported to the Win32 architecture (nmap, ethereal, name them...).


I think that this article should also mention if the firewalls in question are open source or cost money to use. Dedderek 23:00, 12 February 2007 (UTC)

-TODOs:

-add performance comparison tables

-add linked pages with configuration examples. This will make this page popular among network & security students & professionals.

-add more firewalls software to the tables (especially Norton Personal Firewall, BlackICE and ZoneAlarm)

-by Fenix*NBK*, 2.10.2006. (for questions email me at al4321@gmail.com)

-add iptables extentions such as NuFw

-add versions of the compared software

- separate personal firewalls from network firewalls

iptables does MAC filtering, inbound and outbound filtering.


  • what about pf
  • what about nufw that is a userspace firewall for linux
  • what about isafer a personal free software firewall for linux

This article is WRONG. You are only comparing software based firewalls. Quality firewalls are alwasy hardware based at the enterprise level. --- "Quality firewalls are always hardware based" - Oh REALLY?? And on what facts and citations do you base that opinion? Not that I disagree that this needs work to better outline hardware/software/personal/enterprise firewalls, and the other comments about open source vs. COTS are valid too, but I challenge this statement as well. mboltz7664 —Preceding unsigned comment added by Mboltz7664 (talkcontribs) 03:26, 13 August 2010 (UTC) - Define a hardware firewall...many hardware firewalls are simply standard systems in a box with a proprietary OS. (PIX for example - and some versions even use Linux). It is also important to note that we a talking about layer 3 firewalls and not at the application layer. —Preceding unsigned comment added by 203.94.167.145 (talk) 09:30, 18 September 2007 (UTC)

Sunbelt PFW is listed as 'Proprietary' but in fact is no longer sold by Sunbelt. Thus, even shareware versions are de facto free. — Preceding unsigned comment added by 74.229.217.188 (talk) 22:35, 7 March 2012 (UTC)

Missing software firewall[edit]

  • please add the "Ashampoo Firewall Free" - this is free windows firewall with good capabilities as for being free - it's power and simple at once
  • also please add the version PRO too (it needs to be paid)
    • I went here from PL wikipedia which has no such article, and I saw the article is much a scratch - it's missing many data, it's not in any chance so good as other wikipedia's comparisions but it IS PRESENT - so keep work to make it better
—Preceding unsigned comment added by 87.206.55.75 (talkcontribs)
Thank you for your suggestion. When you believe an article needs improvement, please feel free to make those changes. Wikipedia is a wiki, so anyone can edit almost any article by simply following the edit this page link at the top. The Wikipedia community encourages you to be bold in updating pages. Don't worry too much about making honest mistakes—they're likely to be found and corrected quickly. If you're not sure how editing works, check out how to edit a page, or use the sandbox to try out your editing skills. New contributors are always welcome. You don't even need to log in (although there are many reasons why you might want to).
--Hm2k (talk) 12:17, 22 September 2009 (UTC)
      • I'm not feel good in adding info - it would be incomplete (there are many tables which I mean hard to fill) and getting proper sources is horrible for me, so I prefered to only point it out, perhaps somebody would do it better than me :) —Preceding unsigned comment added by 84.10.195.81 (talk) 20:00, 16 October 2009 (UTC)

Windows has two different firewalls now. There is the regular "user" firewall aka windows firewall, and then there is the advanced firewall features of the ip security policies (IPsec)Scottonsocks (talk) 23:40, 16 March 2011 (UTC)

Not only wrong, but incomplete[edit]

Even if we restrict ourselves to software firewalls, where are eEye and Kaspersky and the rest?

Either a a lot of work needs to be done on this page or it needs to be severely pruned. Partial and incorrect comparisons do not serve anyone well.

--24.218.195.92 21:07, 19 October 2007 (UTC)


Peerguardian itself is totally NOT a firewall, and couldnt be considered as one, even after a few drinks. Page does need a rewriting, pretty badly. --Hard Core Rikki (talk) 11:16, 25 February 2008 (UTC)

I have looked at the Peerguardian stuff, and it doesn't mention anything about it being a firewall. It looks like a IP blacklister for browsing the web, with no packet-based filtering abilities at all. I'm removing it from the article. It's also not mentioned later on the other tables, anyways --Enric Naval (talk) 13:28, 28 February 2008 (UTC)


All Windows' firewalls have port forwarding in the advanced options(I don't know if they work, with or without ICS; I couldn't get XP to forward a port).Aand (talk) 19:42, 12 September 2010 (UTC)

Wrong information about Cisco IOS[edit]

The Cisco IOS, since 12.4 version has many new security features. Besides, Cisco IOS, is certified ICSA IPS and ICSA Firewall. —Preceding unsigned comment added by 41.226.235.252 (talk) 14:42, 20 October 2007 (UTC)

Sygate Missing??[edit]

Sygate is one of the best free firewalls in my opinion. Why isn't it in this list? Has it just not been added yet? --Rob (talk) 16:48, 4 June 2008 (UTC)

Sygate Technologies was adquired by Symantec, altough a free version of the firewall still exists. It was somewhat notable, I think, so I'm adding it. --Enric Naval (talk) 17:14, 13 September 2008 (UTC)

GUI for Uncomplicated Firewall[edit]

Could some add GUI for Uncomplicated Firewall to this list? I'm still not very experienced with wikitables yet... SF007 (talk) 15:58, 13 September 2008 (UTC)

It's very recent, let's wait until it becomes notable. --Enric Naval (talk) 17:16, 13 September 2008 (UTC)

Program-specific rules[edit]

One of these tables should have a column that says whether a firewall can block a specific program. Meneth (talk) 14:19, 28 September 2008 (UTC)

Changes[edit]

The topic is labelled Comparison of Firewalls, yet labels the initial list of firewall software as only "Personal Firewalls". This is misleading at best, since there is then nowhere to put firewalls that are not personal firewalls, and the page is not advertised (as per links at the bottom of many firewall-related pages) as being purely for personal firewalls. —Preceding unsigned comment added by 222.155.129.235 (talk) 03:18, 24 August 2009 (UTC)

I wouldn't say it's misleading. Although the page may be incorrectly labelled or lacking information on other types of firewalls. Feel free to fix this. --Hm2k (talk) 09:04, 24 August 2009 (UTC)

What does "Change rules without requiring restart" mean?[edit]

Could someone define it better? I disagree with statement that pf and ipfilter doesn't support it. You don't have to turn off the firewall to reload them. Both of them also allow of adding/removing individual rules to existing ones while running, on top of that pf also has anchors (i.e. subrules) that can be used to update ruleset on the fly (it's for example used by pfauth to add new rules when user logs in). So I don't understand what else those firewalls need to do to have "yes" in that column. I'm changing the entries to "yes" if you disagree, please comment here. Takeda (talk) 21:03, 6 September 2009 (UTC)


Non-Firewall extra features comparison: Add IPS[edit]

Today we speak a lot of IPS : http://en.wikipedia.org/wiki/Intrusion-prevention_system . And the IPS are integrated in firewall, outpost pro act as an ips. I don't know for all the other, but this is a feature that should be add somewhere.

And the point is : is it or not an extra feature ? To me, an IPS is part of a true firewall, or today's definition of a firewall.

--Kalki101 (talk) 20:26, 25 November 2009 (UTC)

Snort , with snort inline is also an IPS. --Kalki101 (talk) 10:02, 30 November 2009 (UTC)

Where is Cisco ASA???[edit]

Why is Cisco IOS Access List covered, but not Cisco ASA ?

--baldwintm (talk) 14:49, 02 February 2011 (EST) —Preceding unsigned comment added by 205.132.74.4 (talk)

List is biased towards Juniper, and other problems[edit]

Juniper is listed first, not alphabetically, in the lower part of the document, multiple times.

It also scores rather highly compared to everything else; it is possible the headings have been construed to deliberately make Juniper look good. Further expert investigation is warranted.

Cisco ASA is missing, as the guy says.

Also, listing Cisco IOS under Firewall Software (Personal/home firewall) is inappropriate, as it runs on its own hardware, and is not sold as a software firewall.

Kerio Control (previously Winroute) is missing from the list of software firewalls, as is Checkpoint.

It is not clear whether the article does actually include hardware firewalls or not, as the word only appears twice. And although it mentions Enterprise firewalls in the header, it does not mention them in the text body.

Under firewall rule-set basic filtering features comparison it lists such items as "Cisco Access List". However it is not possible to buy a "Cisco Access List", rather this is part of a Cisco IOS firewall or ASA firewall. This list of seemingly random products continues to include a Cisco ABC, whatever that might be.

IMHO the whole article is 'shot'. It is misleading, incorrect, biased and missing lots of information. Someone needs to do some major editing, imho, starting with the title. BruceJStedman (talk) 19:57, 14 May 2012 (UTC)

Application rules[edit]

On Windows (and to a lesser-degree MacOS X), applications commonly "phone home", or act in mildly malicious ways using the host's network access, eliminating privacy. Many commercial applications require internet access to "activate", or check licencing on every launch. Rarely do they ask for user permission, and often ignore user preference. Occasionally, they route around countermeasures (eg. MS Windows Firewall). Since "application firewall" has several meanings, Wikipedia is not useful in determining which firewalls can block internet access on a per-program basis. This information would be very useful. — Preceding unsigned comment added by 68.151.108.107 (talk) 20:22, 27 January 2013 (UTC)


Sorting & other things[edit]

the wiki should be broken into windows, mac, bsd, linux, standalone hardware. UFW is amazingly simple to use and default in ubuntu, i would say its already notable. i don't trust anything cisco, if it requires 2 years of classes to operate properly, its poorly designed, and has far too many bugs to be considered a valid solution. are they still, i mean still suggesting telnet unencrypted passwords? cisco equipment is a security nightmare. 75.135.156.3 (talk) 19:00, 16 February 2014 (UTC)

the levels of crap this article has reached are hard to fathom[edit]

Maybe the article should better distinguish between the different types of "things" that act as a so called "firewall". For example, there are packet filters, like e.g. netfilter, nftables or NPF; these are part of the kernel and act above the network stack. Then there are entire operating systems like e.g. OpenWrt or IPFire, that are meat to be installed on some hardware that is at a certain location of the network topology and act as "firewall". Then there is a bunch of proprietary software for Microsoft Windows of OS X that is very heavily advertised and at the same time very badly documented, so we don't know how they work. We can guess, they work similarly to netfilter but in userspace. Oh, and such software is often called a "personal firewall". Anybody who wants to learn something about system or network security should take a big dumb on the Wikipedia and look somewhere else. User:ScotXWt@lk 12:41, 16 May 2014 (UTC)

I agree. Everything is blurred together and put at the same level. --Enric Naval (talk) 20:12, 16 May 2014 (UTC)