Firewall Wizards mailing list archives
Re: OpenSource Firewall for ISP or Webhost
From: Devdas Bhagat <dvb () users sourceforge net>
Date: Sat, 12 Jul 2003 08:54:04 +0530
On 11/07/03 19:21 -0600, Jim McAtee wrote:
<snip>
> What I'm looking for, if it exists, is an installation that supports an unlimited number of interfaces (well, at least four anyway), good logging, intrusion detection, NAT, bandwidth shaping/limiting, and 802.1q VLAN tagging. I don't need a GUI - I'd be just as happy if the only permitted administrative connections were via SSH. I can also deal with editing configuration files and the nuances of iptables, ipfilter, etc.
I don't know if the *BSDs will do VLAN tagging, but they will do all the rest. Logging works well in Linux and *BSD; snort runs on both for an IDS. Both can NAT. http://www.lartc.org/ for full shaping with Linux; if you can just do with bandwidth throttling, rshaper is a good idea.
> Where I need help is that I don't feel I have a thorough enough understanding of Linux or BSD to be able to confidently know that I've completely secured the system when working from a standard installation. So something like IPCop where you've got an easy, minimalist OS installation that is locked down out of the box and offers some of the tools I mention above is what I'm looking for.
http://www.openbsd.org/
OpenBSD is the most locked down by default system out there. You can always do a minimalistic installation of any distribution of choice for Linux|BSD and use that instead of a more specialized distribution. Just don't go with the standard install. A lot of things can be removed from default installs of RedHat et al, or you could go with Gentoo/Debian/Slack/distro of choice.

Devdas Bhagat