-----BEGIN PGP SIGNED MESSAGE-----
I have several firewalls in use running on Linux for the following reasons
(in no particular order)
1. it is cheap, both the software and the hardware. This means that when
someone proposes putting a firewall somewhere it is mostly a matter of
time to install it (the PC we usually scrounge from someone who is
upgrading). free vs. ~$20,000 for a sun solution is a powerful argument
especially if you would like to deploy several
2. in part becouse it is cheap you can deploy several of them each tuned
to the particular job rather then getting one big multi-legged box to
connect several networks. As each firewall is simpler it is easier to
setup and less likly to be misconfigured.
3. If you need basic packet filtering everything is there already, The
same thing if you need many -> one NAT (linux calls it masquerading). If
you need proxys you can get a basic set in the FWTK and can reasonably
crate more specialized ones yourself.
4. with the 2.0 kernel series if you don't need proxys you can setup a
firewall that configures itself and then halts the system. The kernel will
continue to run and move your packets, but there is no userspace running
for someone to crack into, with the 2.2. kernels that is not possible now,
but people are working to re-enable it (the 2.2 kernel decides that if
init dies the system needs to reboot and does so immediatly)
if you use linux you will want to be careful when you install it to strip
things down. A full firewall install including perl should be in the
40-50MB range for slackware and 90MB range for redhat (redhat installs a
_lot_ of libraries that I have not jet had time to weed through and
eliminate)
David Lang
On Thu, 11 Mar 1999 [EMAIL PROTECTED] wrote:
> Date: Thu, 11 Mar 1999 10:37:45 -0500
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Linux Firewall solutions
>
> I'm sure there must have been some chatter about using Linux as a firewall
> on this list.
>
> I'm looking for what is available for linux to either make it a firewall or
> configure it as one. I'm also looking for opinons as to why or why not I
> would even want to consider using linux as a firewall.
>
> Many thanks
>
> Mike
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
"If users are made to understand that the system administrator's job is to
make computers run, and not to make them happy, they can, in fact, be made
happy most of the time. If users are allowed to believe that the system
administrator's job is to make them happy, they can, in fact, never be made
happy."
- -Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBNugycj7msCGEppcbAQFxgQf9Eh8V5bvhA+RgILHQruegSvnNZtRlcGbb
1xEJ8JnHMFTtoLHnVSFqwGYfYLDUDIcE5BbnoFJH0WVzaoCx2uAkGUKzT4DpQFyb
JuEx0G49vuBwHgL5xy8gnX+qZREy08I0/P1TGkd2B9eM3/vkg/eIBjGDZnt673pp
hy/CxrkhQaCMRVoiAH3JEZSwWu5K4z871aiUR9bkBlSnWYlTtLCiiyhYhqgoBnr0
Kuq9GmeJd8JrHemfbV3JO7QKY5lMU1NQpAxJZxbNzY0Vh9coSjbw2sK4E75v+T25
EwCu+ILafR+kGd1REtzdk3QT9AXLVSIlDVNrWBbrw6PVbtf5K8H1lg==
=M/lQ
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
