I created a maintenance system for LFS that allows me to install specific
configurations in what I call Debug/Development/Production.
"Production" only has strictly necessary software (compiler not being one of
them).
I can actually instantiate a full-blown, fully functional LFS box in about 20
minutes. And I can upgrade packages! :)
And yes, compilers are bad...
ET
Eric Shubert writes:
On 07/22/2012 04:04 AM, [email protected] wrote:
Hello World:
I run my firewall on a LFS box.
Everything on it is compiled from source.
No bells and whistles, only the essential software is installed.
The hardware is 64 bits but I've been running a 32-bit OS.
This time around I am wondering...
The question is:
Is there any advantage to compiling the whole iptables enchilada in 64
bits?
Should it be avoided?
Please note that the 'normal' rules like 'more than 4GB and/or
32-bit-adobe' do not apply here, what I am looking for is whether
filtering/marking will be faster/slower and (if known) why.
Any ideas?
Tnx
ET
I trust Joseph's answers to just about everything, including this.
On a side note, I'd like to point out that having a compiler on a security
device such as a firewall (or any Linux host for that matter) is a bit of
a security risk, as some malware relies on being able to compile the code
on the compromised host. So if your intention by using LFS is to make your
firewall more secure, you might be coming up short if you're building the
software on the firewall host itself. Personally, I use IPCop, which is
(also) LFS based.
--
-Eric 'shubes'
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
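
An added example, not part of the original thread: a POSIX shell check that a "Production" image really ships without a compiler toolchain, by scanning directories for executables with toolchain names. The function names and the tool list are assumptions made for this sketch, and the match is a name heuristic, so hits are candidates to review.

```shell
#!/bin/sh
# Added example (not from the thread). The tool list is an assumption;
# extend it to match what your build host installs.
TOOLCHAIN_NAMES='cc gcc g++ c++ cpp clang clang++ tcc as ld make'

# find_toolchain DIR...
# Print every executable regular file (symlinks are followed) whose name is a
# toolchain tool, also allowing a target prefix (x86_64-linux-gnu-gcc) or a
# version suffix (gcc-4.7). Missing directories are skipped.
find_toolchain() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            base=${f##*/}
            for tool in $TOOLCHAIN_NAMES; do
                case $base in
                    "$tool"|"$tool"-[0-9]*|*-"$tool"|*-"$tool"-[0-9]*)
                        printf '%s\n' "$f"
                        break ;;
                esac
            done
        done
    done
    return 0
}

# audit_path
# Run find_toolchain over every directory in $PATH.
# Returns 0 if nothing was found, 1 (with a report on stderr) otherwise.
audit_path() {
    old_ifs=$IFS
    IFS=:
    set -f              # split $PATH on ':' without glob expansion
    set -- $PATH
    set +f
    IFS=$old_ifs
    hits=$(find_toolchain "$@")
    [ -z "$hits" ] && return 0
    printf 'toolchain binaries present:\n%s\n' "$hits" >&2
    return 1
}

# Usage on the firewall image:  audit_path || echo "not a clean production box"
```

Directories outside `$PATH` (for example a cross-toolchain under `/opt`) can be passed to `find_toolchain` directly.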