Re: Best IP configuration for OpenBSD firewall/router

["Arturo \"Buanzo\" Busleiman" <buanzo () buanzo com ar>]

On Tue, 19 Aug 2003, Damon McMahon wrote:

> My reasons for OpenBSD were not 'political', I can assure you, rather:

Anyway, I believe that a some discussions regarding this subject are quite
interesting for security-basics subscribers, so, I will quote your points:

> 1. I have some previous *BSD experience, but virtually no Linux
> experience.

I have 9 years GNU/Linux experience, less than 3 years *BSD experience.

> 2. By default OpenBSD is a very minimal install, with very few processes
> running; this is ideal for an OS running on _very_ old, slow hardware,
> such as the box I am using.

No security-based installation should be done by defaults. However, good
'defaults' are difficult to find. OpenBSD's are one of the best sets of
pre-configured packages and configurations I've ever seen.

> 3. The default OpenBSD install has only sshd capable of accepting
> connections - this is ideal for a transparent gateway/firewall, the
> primary job of which is NAT and packet filtering.

The same for any current network (and not user)-based GNU/Linux
distribution. Thank god :)

> Thank you to everybody for your assistance!
It's always a pleasure to learn something by giving away opinions :)

--
Arturo "Buanzo" Busleiman - www.buanzo.com.ar - GNU/Linux Documentation
GNU's es_AR Team Leader - PGP/GnuPG Key available at horowitz.surfnet.nl
Casilla de eMail _GRATIS_ de 21Mb Webmail/POP/IMAP/SMTP en www.daleclick.com


---------------------------------------------------------------------------
----------------------------------------------------------------------------