John H Terpstra wrote:
> Please help us to understand why an Internet firewall should be a
> dedicated machine. There might be one or two people on this list who
> would disagree with this assertion.

I smell flame bait... ;-)

Simply put, because an Internet firewall is providing a security function and if there is a mistake, security suffers. The more software you put on any machine, the more opportunities there are for Murphy's Law to operate. Thus, IPCop, Smoothwall, and other router/firewall distributions are deliberately stripped-down to the bare essentials. All included software is carefully selected and tested for security and stability.

Furthermore, a good web UI makes it easy for the end-user/administrator to configure the router/firewall as desired without having to worry about arcane packet filtering syntax, dependencies, restarting services, etc.; thus reducing the likelihood of mis-configuration.

I've done the Linux combination firewall/router/server in the past; IPCop and a leftover machine is *so* much easier, and I sleep better at night. :-)

HTH,
David
