Thus spoke David Douthitt:
> * Using a new glibc means you are no longer able to use a floppy
> (probably).
Especially if combined with a 2.4 kernel.
> * Linux 2.4 is not really yet fully solid and stable; wait for 2.4.9 :)
For the class of hw generally used under LRP, I don't think that the
stability issue is that great a concern (it's been very stable for me
running on 4 different boxes ranging from a 486/50 to a K6-II/350).
> * Many patches are not yet available for 2.4 - patches I've been
> watching include: linux progress patch, proconfig, linuxrc-always,
> initrd, VPN+Masq, and openwall.... many of these are not yet available
> for 2.4.
This is a very definite problem. I'm currently running an LRP box just so
I can masquerade my PPTP clients. All of my other traffic is through a
2.4.2/Shorewall system. The latter's disk footprint is huge by LRP
standards however:
[root@firewall /root]# df
Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/hda1               387022    155070    211970  43% /
/dev/hda5                15856      2385     12641  16% /boot
[root@firewall /root]#
>
> There really are two issues here (and my opinions with them):
>
> * using a more up-to-date glibc - this is something to seriously
> consider, methinks.
Nod -- the current situation makes LRP package creation much more
cumbersome than it should be.
> * using Linux 2.4 - this may be worth avoiding for production systems
> right now... but keep watching.
>
As I've mentioned, I think that the lack of patches is the critical factor
there. On the other hand, once you become comfortable with iptables,
you'll not want to go back to ipchains.
My $.02
-Tom
--
Tom Eastep \ Alt Email: [EMAIL PROTECTED]
ICQ #60745924 \ Websites: http://seawall.sourceforge.net
[EMAIL PROTECTED] \ http://seattlefirewall.dyndns.org
Shoreline, Washington USA \___________________________________________