Firewall Wizards mailing list archives

Re: OpenSource Firewall for ISP or Webhost


From: Devdas Bhagat <dvb () users sourceforge net>
Date: Sat, 12 Jul 2003 08:54:04 +0530

On 11/07/03 19:21 -0600, Jim McAtee wrote:
<snip>
> What I'm looking for, if it exists, is an installation that supports an
> unlimited number of interfaces (well, at least four anyway), good logging,
> intrusion detection, NAT, bandwidth shaping/limiting, and 802.1q VLAN tagging.
> I don't need a GUI - I'd be just as happy if the only permitted administrative
> connections were via SSH.  I can also deal with editing configuration files
> and the nuances of iptables, ipfilter, etc.
I don't know if the *BSDs will do VLAN tagging, but they will do all the
rest.
Logging works well in Linux and *BSD; snort runs on both for an IDS.
Both can NAT. See http://www.lartc.org/ for full shaping with Linux; if you
can make do with just bandwidth throttling, rshaper is a good idea.


> Where I need help is that I don't feel I have a thorough enough understanding
> of Linux or BSD to be able to confidently know that I've completely secured
> the system when working from a standard installation.  So something like IPCop
> where you've got an easy, minimalist OS installation that is locked down
> out of the box and offers some of the tools I mention above is what I'm
> looking for.
http://www.openbsd.org/
OpenBSD is the most locked down by default system out there.
You can always do a minimalistic installation of any distribution of
choice for Linux|BSD and use that instead of a more specialized
distribution. Just don't go with the standard install. A lot of things
can be removed from default installs of RedHat et al, or you could go with
Gentoo/Debian/Slack/distro of choice.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
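The question above is really "how do I know the minimal install is actually locked down?" One concrete check a practitioner would run on a freshly installed firewall host, whatever the distribution, is to compare what is listening on the network against an explicit allowlist (here, only SSH for administration, as the original post asks for). The script below is an added example written for this archive page, not code from the thread or from any of the projects mentioned; the sample `ss -lntupH` output is constructed for the example, and the function names and the allowlist are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit which TCP/UDP services are
# listening on a freshly installed firewall host and report anything that
# is not on an explicit allowlist. Input lines follow the layout of
# `ss -lntupH` on Linux; a constructed sample is embedded so the script
# runs offline. Function names and the allowlist are assumptions.

# Constructed sample of `ss -lntupH` output (fabricated for this example).
SAMPLE_SS='tcp   LISTEN 0 128 0.0.0.0:22     0.0.0.0:* users:(("sshd",pid=512,fd=3))
tcp   LISTEN 0 128 0.0.0.0:111    0.0.0.0:* users:(("rpcbind",pid=301,fd=4))
udp   UNCONN 0 0   0.0.0.0:514    0.0.0.0:* users:(("syslogd",pid=290,fd=5))
tcp   LISTEN 0 50  127.0.0.1:25   0.0.0.0:* users:(("sendmail",pid=640,fd=6))
tcp   LISTEN 0 128 [::]:22        [::]:*    users:(("sshd",pid=512,fd=4))'

# "proto:port" pairs a minimal firewall host is allowed to expose.
# Assumption: only SSH for administration, per the original post.
ALLOWED="tcp:22"

# is_allowed PROTO PORT -> exit 0 if the pair is on the allowlist.
is_allowed() {
    for entry in $ALLOWED; do
        [ "$entry" = "$1:$2" ] && return 0
    done
    return 1
}

# audit_listeners SS_OUTPUT
# Prints one "proto port process scope" line per listener that is NOT on
# the allowlist. Loopback-only listeners are still reported (tagged
# "loopback") because, although not reachable from the network, they show
# software a locked-down install need not carry at all.
# Exit status: 0 if only allowlisted services are listening, 1 otherwise.
audit_listeners() {
    unexpected=$(printf '%s\n' "$1" | awk '
        {
            proto = $1
            sock = $5
            # The port is whatever follows the last colon; the rest is the
            # address (handles both 0.0.0.0:22 and [::]:22 forms).
            n = split(sock, parts, ":")
            port = parts[n]
            addr = substr(sock, 1, length(sock) - length(port) - 1)
            proc = "unknown"
            # Process name sits inside users:(("name",pid=...,fd=...))
            if (match($0, /\("[^"]+"/)) {
                proc = substr($0, RSTART + 2, RLENGTH - 3)
            }
            scope = (addr == "127.0.0.1" || addr == "[::1]") ? "loopback" : "network"
            print proto, port, proc, scope
        }' | while read -r proto port proc scope; do
            if ! is_allowed "$proto" "$port"; then
                echo "$proto $port $proc $scope"
            fi
        done)
    [ -n "$unexpected" ] && printf '%s\n' "$unexpected"
    [ -z "$unexpected" ]
}

# Stand-alone usage against the constructed sample.
if audit_listeners "$SAMPLE_SS"; then
    echo "OK: only allowlisted services are listening"
else
    echo "REVIEW: unexpected listeners above; remove or firewall them"
fi
```

On a real host, feed it `ss -lntupH` (or, on the BSDs, adapt the awk to `sockstat -l` output) and extend `ALLOWED` only for services the box is meant to serve; anything else it reports is a candidate for removal from the install rather than merely being filtered.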