Linux IP chains firewall

• Use low cost commodity Intel based rackmount servers

• No expensive license fees for inspection modules and management stations

• More flexible than a closed-box hardware based solution

  • Not tied to inflexible product features - can implement yourself
  • Can run an IDS (Intrustion Dection System)
  • Run chrooted nameservers on firewall to save on hardware

• Use NAT features to gain provider Internet independence

  • All public servers use private addresses – NATed on firewall
  • One place to change addresses when changing provider

• Planned upgrade to iptables statefull packet filter