Firewall Wizards mailing list archives

Re: linux firewall question (newbie)


From: Bennett Todd <bet () mordor net>
Date: Wed, 14 Oct 1998 21:05:56 -0400

1998-10-13-22:25 Hassan Karim:
> If Gauntlet were supported, could someone clue me in to a reason why
> someone would use Linux w/ Gauntlet as opposed to BSDi w/ Gauntlet? If
> you're looking for more apps.... although BSDi has a slew of apps....
> should you really be using your firewall for anything other than network
> firewalling?  Just a thought.

I can think of a few good reasons I'd seriously consider it.

The size of the developer community supporting --- and responding to security
problems as they arise --- is a lot bigger with Linux. Linux has had fixes for
really basic problems, like e.g. SYN flooding, out before BSDI.

Linux is available packaged with a superb software packaging tool, RPM, which
makes it a piece of cake to automate building machines, and automate
double-checking their configuration. Kinda like having tripwire integrated
into the OS release process.

Linux supports lots more hardware; if you want to use funky NICs, or direct
ISDN or T1 interfaces or whatever, you have lots of choices.

I believe ipchains supports something like traffic shaping, though I'm not
sure.

In a big firewall setup, where you are going to have an external screening
router, a bastion host, N DMZ servers, and an internal screening router, these
kinds of things aren't as big a deal; but Linux would give you more options
for smaller installations where you want to get as much juice as you can out
of one box.

-Bennett


