Security Basics mailing list archives

RE: Best IP configuration for OpenBSD firewall/router


From: Meidinger Chris <chris.meidinger () badenit de>
Date: Tue, 19 Aug 2003 08:26:15 +0100

Don't forget fli4l, nice lightweight router/firewall solution from a
bootable floppy.

badenIT GmbH
System Support
 
Chris Meidinger
Tullastrasse 70
79108 Freiburg


-----Original Message-----
From: Patrick Benson [mailto:benson () chello se]
Sent: Tuesday, August 19, 2003 12:42 AM
To: security-basics () securityfocus com
Subject: Re: Best IP configuration for OpenBSD firewall/router


chort wrote:

> By the way, I agree with the direction you're taking to use OpenBSD for
> your gateway.  I know many people recommend Linux to build a gateway,
> but many Linux distributions are getting bloated now and the kernel
> itself has had a few problems.  Since OpenBSD is a distribution that
> does exhaustive code review and is very minimal by default, and it has
> strong cryptography built in, I would recommend OBSD rather than Linux.

Actually, there's no need to use a Linux distribution if you would like
to use Linux on a dedicated box, there are quite a few alternatives
which use the minimalistic approach like: http://www.leaf-project.org/
The Bering image, 1680 floppy image or CD iso, is the most current. What
do you get on a floppy?

1 - Linux kernel 2.4.20, 2.4.21  http://www.kernel.org/
2 - Iptables 1.2.8               http://www.netfilter.org/
3 - Shorewall firewall script    http://www.shorewall.net/
4 - dnscache                     http://cr.yp.to/djbdns.html
5 - tinydns                      http://cr.yp.to/djbdns.html
6 - OpenSSH                      http://www.openssh.org/

to name a few. Runs entirely in a ramdisk, no writable media enabled.
It's up for discussion what's actually *safer* if no writable hard disk
needs to be used, I'm using that floppy image on a 486 DX4 as of this
moment. :) 

Regards,
-- 
Patrick Benson
Stockholm, Sweden
