Firewall Wizards mailing list archives

Re: why isn't there a newer linux fw-howto


From: "Perry E. Metzger" <perry () piermont com>
Date: Mon, 05 Oct 1998 16:11:42 -0400


Adam Shostack writes:
I'll be a contrarian.  The Linux audit project is going full steam,
and has found lots of interesting stuff.  FreeBSD is great for desktop
systems, and comes easy to use, but it's a lot more work to take it to
FW ready.  If you want a BSD system, try OpenBSD.

OpenBSD is no better for security applications than any other BSD, in
spite of the extreme hype, but let's not get into that particular flame
war here right now.

In terms of difficulty to set up a NetBSD system to be suitable as a
firewall, generally all I find necessary is to set a couple of flags
in the kernel config file, change the /etc/rc.conf not to turn on most
services (and to set up a few others, like syslog, so they do not
listen to the network), and reboot.  Usual time to harden: less than
five minutes of typing.

I then install the firewall package of my choice.

I'll admit that this is "cheating" in so far as I helped hack on
NetBSD a bit to make it much easier to turn into a firewall with
minimum work, but in some ways that is also the point.

I have never found Linux to be as easy to deal with. The fact that
there isn't a coherent source tree for the userland utilities and such 
in and of itself gets to be hard to deal with.

Perry


