> Speed: > The leaner the kernel is as far as the firewall is concerned, the > quicker it is able to handle packet forwarding/etc.
A modularized kernel can be leaner, since it doesnt require compiles all the time to get rid of unwanted parts. > Security: > Having module support on a firewall machine invites the possibility > that one of the modules can be compromised through a trojan. This is also true for /sbin/init. I think the firewall has to be designed to be immutable/secure after a reboot (i.E. boot from read-only media) or/and do some checksums. Greetings Bernd -- (OO) -- [EMAIL PROTECTED] -- ( .. ) [EMAIL PROTECTED],linux.de,debian.org} http://home.pages.de/~eckes/ o--o *plush* 2048/93600EFD [EMAIL PROTECTED] +497257930613 BE5-RIPE (O____O) If privacy is outlawed only Outlaws have privacy -- E-mail the word "unsubscribe" to [EMAIL PROTECTED] TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? E-mail to [EMAIL PROTECTED] .
