On Mon, Jan 22, 2001 at 11:46:59PM -0500, [EMAIL PROTECTED] wrote:
> Not to put down Linux, I used to be a huge fan, but for a Firewall I use
> OpenBSD or FreeBSD. They are both free as well, but ipf and ipfw are Much more
> powerful, and offer stateful inspection. Not to mention the kernel level
> security in *BSD adds quite a bit more protection to the firewall itself.
> Sorry if this does not answer the question at all.
No...
You make the common mistake that because OpenBSD is secure then
FreeBSD is secure and that because FreeBSD is high performance then
OpenBSD is high performance. They are NOT the same. Some of those
guys won't even SPEAK to each other. Theo de Raadt is a security fanatic,
whom I respect most of the time and could strangle some of the time.
I've shared a few beers with him at a security symposium and you don't
get into a discussion with him if you are thin skinned or not prepared
to back up your arguments (I'm neither). He also has his blind spots.
(Like the time the OpenBSD firewall got hacked during the capture the
flag game at DefCon because Theo let his password get sniffed :-) ).
Some of the FreeBSD folks detest him and can quote chapter and verse why.
Unfortunately, his abrasiveness has detracted from his intelligence and
some people on the FreeBSD side have been less than receptive, to say
the least.
I have OpenBSD and FreeBSD systems running side by side with
my Linux systems at multiple sites. FreeBSD != OpenBSD. No way, no
how. *BSD is an oxymoron. The one thing that the *BSD systems do
have in common is that they are all more difficult (for me and everyone
I know, at least) to manage and maintain. Your mileage may differ.
If you are more comfortable with *BSD then go for it. If you are NOT
comfortable with *BSD, then putting in a firewall based on it may be
a serious mistake, given that human errors are the most common source
of failures.
Given the personality conflicts that plague the BSD camps (plural
intentional and emphasized), I'll stick with my Linux based Netfilter
firewalls. :-)
> Mason
> Quoting Rohit Gupta <[EMAIL PROTECTED]>:
> > Is there any way out we can design a firewall using ipchains which
> > facilitates stateful inspection and url screening for Red Hat Linux 6.1
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!