On Thu, Oct 04, 2001 at 10:40:21PM -0700, Seth Cohn wrote: > Yeah, Bob, I'm looking at some of this and > wondering where the line needs to be drawn... > > on one level, a little SMC or Linksys is the > answer. But as Michelle said to me recently, > they won't do stateful... and on the other end of > the spectrum is the invisible firewalls she and > Tim have done... > > But then a 'single box' is a attrative answer, > but it's also a single point of failure. > > I'm thinking about this stuff a lot lately, > becasue of the stuff I want to setup... >
I'm pretty happy with my 486 running OpenBSD. Comes with a stateful packet filter (that's pretty easy to set up) and can be used in "invisible" bridge mode. And if I want to get fancy, it has everything I would need to do make an IPsec vpn. Yes it does have things like apache and sendmail also, but chmod 0000 makes them pretty useless. Did I mention all that's needed for install is a single floppy and a network connection (to get two files - a kernel and a tarball)? Oh yeah, the next release, due out Dec. 1, will have integrated ALTQ. http://www.openbsd.org/cgi-bin/man.cgi?query=altq -- <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
