On Mon, Oct 07, 2002 at 10:23:29AM -0700, David Mandel wrote: > On Fri, 4 Oct 2002, Rob Hudson wrote: > > > I'm setting up a firewall/gateway at my house. > > > > What should I use? IPchains? What's the other option?
> Firewall distros include such things as: > > floppyfw > Linux Router Project > SmoothWall > Astaro Security Linux > Netule > Trustix > and about 150 million others. Of course, there's always OpenBSD :) The latest snapshots (ftp://ftp.openbsd.org/pub/OpenBSD/snapshots) are very close to what 3.2 will be. The CVS tree has already been tagged with OPENBSD_3_2, which will probably officially be release the first week of November. Imagine that, an *early* OS release ;) Since the 3.1 cycle saw the first remote hole in the default install in nearly six years, the default install has been tightened quite a bit. Even fewer daemons are started by default, and the ones that are only listen for local connections (except sshd). More daemons (and X) drop their root privileges soon after startup and run as shell-less users. Apache chroots a by default. OpenSSH uses privilege separation and the new systrace can be used to enforce all kinds of security policies. Also, pf, OpenBSD's packet filter has seen quite a few enhancements. Lots of small fixes to IPsec, IPv6, bridging, and just about every other way to send packets across a wire. Oh, and the installer has been "smartened" (you will have to install to understand :). -- <[EMAIL PROTECTED]> _______________________________________________ Eug-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
