Security Basics mailing list archives

RE: Suggestions Needed


From: Adam Shephard <adams () firstfederalbanking com>
Date: Tue, 25 Feb 2003 14:31:01 -0500

I ran Smoothwall, then IPCop on my network at home for about a year. I
recently switched over to an OpenBSD box running pf. I am much happier with
the OpenBSD box.

Considering it's a home network, Smoothwall/IPCop were fine. I had a couple
of nagging doubts, though. One being the fact that all ports above 1024 were
open and the other being the concept of having other things (IDS & VPN) on
the same box as my firewall. Depending on who I asked, those things were
either "not a problem", "a gaping hole" or "could be good, could be bad,
depending on what you're doing". I had a long weekend with some free time so
I thought I'd try pf. 

The thing that has made me happiest is the results when I scan the firewall
from the outside. While Smoothwall/IPCop looked pretty solid, I always saw
things I could do to tighten them. When I scan the pf box, it doesn't seem
to exist.

Invisibility always seems to ease paranoia.

-----Original Message-----
From: Justyn [mailto:dragon () dlance com]
Sent: Tuesday, February 25, 2003 12:55 AM
To: security-basics () securityfocus com
Subject: Suggestions Needed


I'm a home user rather new to firewalls. I have a spare pc I want to use
as a firewall machine for our local lan of 2 workstations w/cable modem.
I'm wanting a linux/unix flavor os for the firewall system. Would I be
better off using a stripped down os that is tailored for firewall
machines or something like redhat/freebsd? What would anyone suggest
as a starting place to learn?

Thanks!



