[ale] best dist for firewall?
cfowler
cfowler at outpostsentinel.com
Fri May 3 14:58:31 EDT 2002
A firewall is a firewall.
It is not:
A Mail Server
A Web Server
A Shell Server
A Etc. Server
It is a firewall
Maybe a very tight shell to configure the rules. But if you do
it right you can create a firewall on floppy that would
require mounting on a client machine to configure then booting up
on. Now that is a firewall!
On Fri, 2002-05-03 at 14:28, Glenn C. Lasher Jr. wrote:
>
> I will second this. Slackware 8.0 is exactly the right distro for a
> firewall. Not only does it not suffer the operational and security issues
> of RH, but it also even lets you pick --at install time-- what version of
> kernel you want to run, and, if you pick 2.4.x, will let you set up
> ReiserFS before installing. We 'ave one. Ees ver' nayze.
>
>
> On Thu, 2 May 2002, Transam wrote:
>
> > > I'm setting up a firewall on a 120mhz, 16meg machine. I'd like to run
> > > iptables, snort/acid and a mysql db to store the snort info.
> >
> > > Any recommended distros? It'd be nice to get something minimal (possibly
> > > tightened) but with the 2.4 kernel (for the stateful firewalling
> > > capabilities). I considered Slackware or Debian and then upgrading
> > > the kernel, but the thought of compiling on a 120mhz machine is not
> > > a happy one. Considering Peanut as well, but it seems to be heavily
> > > configured for the desktop. I guess it's a last resort.
> >
> > Slackware 8.0! I've found Slackware FAR less buggy (both in security bugs
> > and in annoying operational bugs) than either Red Hat or Mandrake and far
> > easier to install. It also requires FAR less security patches and thus
> > yields a lower-maintenance system. Some of this is due, I think, to their
> > interest in the best distribution rather than the most money and easiest
> > and most toys (sound familiar). Some of it is due to less "stuff" on it.
> > However, you certainly do NOT want a lot of extra junk on a Firewall.
> >
> > Sheesh. RH7.1 did not even ship with a working IP Tables. I had to
> > download a working kernel and configure and compile it.
> >
> > I run Slackware on my Laptop and love it. I use Red Hat on my desktop
> > only because it is the most popular distribution with my clients and
> > the friend who built my desktop put it on and I was too lazy to install
> > Slackware over it. (Installing Red Hat over a running Slackware system
> > would have been just as much work and certainly greater than zero.)
> >
> > Any Set-UID or Set-GID program is a security risk. When I build a Firewall
> > I turn all of that stuff off. X always is first on my list and GPM is
> > second!
> >
> > > Thanks as always,
> >
> > > John
> >
> > Bob Toxen
> > transam at cavu.com [Bob's ALE Bulk email]
> > bob at verysecurelinux.com [Please use for email to me]
> > http://www.verysecurelinux.com [Network&Linux/Unix security consulting]
> > http://www.realworldlinuxsecurity.com/ [My 5* book:"Real World Linux Security"]
> > http://www.cavu.com/sunset.html [Sunset Computer]
> > Fly-By-Day Consulting, Inc. "Don't go with a fly-by-night outfit!"
> > Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
> >
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> > sent to listmaster at ale dot org.
> >
>
> glasher at nycap.rr.com
> You've been programmed by the Illuminati not to see the word "".
>
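
The quoted point that any Set-UID or Set-GID program is a risk on a firewall can be checked with an audit like the one below. This is an added example, not part of the original thread; the function names, the allowlist format and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find set-UID / set-GID files under a tree and report any
# that are not on an explicit allowlist. Paths containing newlines are not
# handled.

# list_setid ROOT: print every regular file under ROOT that has the
# set-UID (4000) or set-GID (2000) bit, without crossing filesystems.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# unexpected_setid ROOT ALLOWLIST: print set-ID files missing from ALLOWLIST.
# ALLOWLIST holds one absolute path per line; blank lines and lines starting
# with '#' are ignored. Matching is exact (fixed string, whole line).
unexpected_setid() {
    root=$1
    allow=$2
    list_setid "$root" | while IFS= read -r path; do
        if ! grep -Ev '^[[:space:]]*(#|$)' "$allow" | grep -Fxq -- "$path"; then
            printf '%s\n' "$path"
        fi
    done
}

# make_sample_tree: build a constructed test tree (not real system files)
# and print its location, so the audit can be tried without root.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/usr/bin"
    : > "$d/bin/su"
    : > "$d/usr/bin/extra-tool"
    : > "$d/usr/bin/ls"
    chmod 4755 "$d/bin/su"              # set-UID, on the allowlist
    chmod 2755 "$d/usr/bin/extra-tool"  # set-GID, not on the allowlist
    chmod 0755 "$d/usr/bin/ls"          # ordinary file, never reported
    printf '# allowed set-ID files\n\n%s\n' "$d/bin/su" > "$d/allow.txt"
    printf '%s\n' "$d"
}

# Stand-alone use: sh audit.sh ROOT ALLOWLIST
if [ "$#" -ge 2 ]; then
    unexpected_setid "$1" "$2"
fi
```

Anything the audit prints is a candidate for removing the bit with chmod or for removing the package that shipped it.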