Firewall Wizards mailing list archives
Re: why isn't there a newer linux fw-howto
From: Adam Shostack <adam () homeport org>
Date: Tue, 6 Oct 1998 07:06:47 -0400
On Tue, Oct 06, 1998 at 12:49:44AM -0700, Jan B. Koum wrote:
| On Mon, 5 Oct 1998, Adam Shostack wrote:
| >I'll be a contrarian. The Linux audit project is going full steam,
| >and has found lots of interesting stuff. Freebsd is great for desktop
| >systems, and comes easy to use, but it's a lot more work to take it to
| >FW ready. If you want a BSD system, try openbsd.
| I'll be a contrarian to a contrarian.

Ouch!

|
| AFAIK people in both Net and FreeBSD camps do follow OpenBSD tree
| for security fixes. As for FreeBSD being only great for desktop: I'd think
| folks at yahoo and hotmail who run their web server on FreeBSD would not
| agree with you on this one. :)

Good point. :)

| Also, what is "a lot more work" to which you are referring to is
| needed to make a FreeBSD box ready? In general any Unix box by default
| needs work to be a firewall: extra services turned off, custom kernel
| created, ip filtering enabled, etc.

Some securelevel stuff, making sure that tripwire & such don't
scream about the (recently fixed) dirty page/mtime bug. Setting the
sysctl variables. Using ipfilter, which I know well, instead of ipfw.

I suppose a lot of it is knowing the system you're using,
which is why I like Open-, and Perry likes Net-, and leads me to:

| But I do notice that we all agree on one thing: if it has to be a
| free source unix based firewall, it is gotta be BSD.

It's gotta be a system you know well. If you know Linux back
and forth, then by all means, don't pick up *BSD because someone tells
you it's a good firewall box. It's nothing without knowledgeable people
to tweak it.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume