Re: linux firewal question (newbie)

[Christopher Nielsen <enkhyl () scient com>]

On Wed, 7 Oct 1998, Joseph S. D. Yao wrote:

> Date: Wed, 7 Oct 1998 14:42:36 -0400 (EDT)
> From: Joseph S. D. Yao <jsdy () cospo osis gov>
> To: tromh () yahoo com
> Cc: firewall-wizards () nfr net, camoa () geocities com
> Subject: Re: linux firewal question (newbie)
>
> > > I need to choice the best firewal option for linux, which is it?
> >
> > Well ipfwadm is not a FW but a command .
> > I'm not a specialist, what i think is that FWTK is nice but not uses
> > lots of system ressources . For example ;, if u put 30 computers and a
> > FW , proxy beetween them and internet , u will see the rate really
> > slow down !!!
> >
> > SQUID SEEMS to be really better . 
> >
> > Like i said i'm not a specialist and i don't know evrything .
> >
> > If u speak french i wrote a documentation on FWTK security and
> > installation u can find at www.altern.org/trom
>
> Hardware is (relatively) cheap.  Figure out where your bottlenecks are
> (NIC?  RAM?  CPU?), and get something an order of magnitude better.
>
> Squid only passes HTTP, AFAIK.  It fits nicely in as a part of the FWTK
> - which is just a toolkit to build a firewall, remember?  I put lots of
> tools into any pre-fab toolkit I get.

Though I haven't looked at the most recent code base, the last time I
looked at squid's source, it was riddled with all kinds of potential
buffer overflows. Maybe they've fixed these, but I wouldn't trust squid in
a firewall setup.

--
Christopher Nielsen
Scient: The Art and Science of Electronic Business
<http://www.scient.com>
cnielsen () scient com