On Thursday 06 March 2003 14:35, Todd Lyons wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > tarvid wrote on Thu, Mar 06, 2003 at 03:10:08AM -0500 : > > > > PLEASE PLEASE! DO NOT MAKE THE FIREWALL SERVE A BUNCH OF SERVICES! > > > > Try the converse on for size. > > You're making it sound as if I said either/or. I didn't spell it out > properly then. Do both. > My apologies, I've been caught in the crossfire myself.
For most users a $50 nat box off ebay is a better solution than a custom firewall. I don't know why the kiddies haven't been after these but I have yet to have a customer compromised behind one of them. The hazard is the new user who loads a distribution and checks everything. Msec sort of works but I've had to clean up aftter it too often. The real market for Linux solutions are businesses who need to control access both ways (in and out). Transparent proxy boxes are expensive and not all that easy to setup and use. I should have simply agreed and then pointed out it pays to tighten up any server. I build my servers by unchecking everything, letting Mandrake install urpmi and then loading exactly what is needed. Jim Tarvid
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
