Russell Fulton <[EMAIL PROTECTED]> wrote:
| On Sat, 2004-10-09 at 19:24, Siju George wrote:
|
| > I've read some articles on hardening OpenBSD and also received
| > suggestions. They tell me it is not a good idea to install a GUI or
| > compiler on an OpenBSD machine that acts as a firewall.
|
| GUI applications (particularly web based ones which are the easiest to
| write) tend to be complex and insecure, this is a good reason to keep
| them off the firewall itself.
|
| We have a home grown web based network management system which
| includes the ability to do most of the configuration necessary for pf
| in our environment. This app runs on another system and we use ssh to
| download pf.conf to the firewalls. This is a reasonable compromise.

on the other hand, i'd personally rather have an openbsd firewall with a
gui than a windows based one...

reminds me of an old andy capp cartoon:

a guy walks into a bar looking for someone to complete a football team:

guy: "who's the best football player in the place?"
andy capp (obviously very drunk): "me, when i'm sober."
guy: "all right then, who's the *second* best football player in the place?"
andy capp: "me, when i'm drunk!"

best firewall: openbsd without a gui
second best firewall: openbsd with a gui

just my 2 rubles

cheers,
pete g
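
The arrangement quoted above (ruleset built on a separate management host, then pushed to the firewalls over ssh) can be sketched as follows. This is an added example, not part of the original thread or of anyone's actual tooling. The function name, host name and staging path are assumptions, and it assumes the ssh login on the firewall is allowed to run pfctl.

```shell
#!/bin/sh
# Added example: stage, syntax-check, then load a pf ruleset over ssh.
# push_pf_conf, the staging path and the .prev backup name are hypothetical.

push_pf_conf() {
    fw_host=$1                      # e.g. admin@fw1.example.net (constructed)
    local_conf=$2                   # ruleset generated on the management host
    remote_tmp=/etc/pf.conf.new     # staging path on the firewall (assumption)

    # Refuse to push an empty or missing file.
    [ -s "$local_conf" ] || { echo "empty or missing: $local_conf" >&2; return 2; }

    # 1. Copy to the staging path; the live /etc/pf.conf is untouched so far.
    scp -q "$local_conf" "$fw_host:$remote_tmp" || return 3

    # 2. pfctl -n parses the ruleset without loading it. Stop on any error so
    #    a broken file generated by the web app never reaches the running pf.
    if ! ssh "$fw_host" "pfctl -nf $remote_tmp"; then
        ssh "$fw_host" "rm -f $remote_tmp"
        echo "syntax check failed on $fw_host, ruleset not loaded" >&2
        return 4
    fi

    # 3. Keep the previous ruleset for rollback, move the new one into
    #    place, and load it.
    ssh "$fw_host" "cp -p /etc/pf.conf /etc/pf.conf.prev && mv $remote_tmp /etc/pf.conf && pfctl -f /etc/pf.conf" || return 5
}

# Usage (constructed host name):
#   push_pf_conf admin@fw1.example.net ./generated/pf.conf
```

The firewall only needs sshd and pfctl for this; the web application and everything it depends on stay on the management host.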
