Best firewall gateway version of Linux ?

Richard Cottrill richard_c at tpg.com.au
Tue Feb 12 12:02:04 EST 2002 

I think the closest thing I've heard of in the wild (for free) is the IPCop
project. It's a spin-off of Smoothwall but it uses ext3 so it should shrug
off slight power cuts... FWIW Smoothwall is preparing a new GPL release
'real soon now' which they claim will have lots of nifty goodies. I have
less time for the Smoothwall people since one of the founders called me a
cunt (and a few other carefully chosen names).

They're specialist installations (to the point where adding printer sharing
could be annoying) but the install is quick and easy. Installing either
should take anywhere from 5 - 15 minutes.

Richard

> -----Original Message-----
> From: linux-admin at lists.samba.org [mailto:linux-admin at lists.samba.org]On
> Behalf Of Michael James
> Sent: Monday, February 11, 2002 11:36 PM
> To: linux at lists.samba.org
> Subject: Re: Best firewall gateway version of Linux ?
>
>
> A couple of friends want to surf their Transact line from both a
> Mac and a PC. it would be handy but not nessessary to connect
> both at the same time.
>
> I plugged everything, Mac, PC, settop box, and printer into a hub.
> Each could connect but not simultaneously.
>
> Now I CAN connect twice through the same VDSL modem.
> >From a Redhat and a Suse box simultaneously.
> This only works to Netspeed, Webone won't wear it.
>
> Differences are they have the settop box,
>  I have the Marconi FLX modem.
> Also they are using the transact supplied software,
>  I'm using roaring penguin and smpppd.
>
> Originally I thought a linux connection server would be overkill
>  but it would also provide firewalling (and printer sharing).
> BUT it would have to really be stable, setup and forget. For years.
> They don't want the hassle, I don't want the work.
>
> So, in the fast-moving world of Linux,
>  (150Meg of patches since Suse7.3 came out)
>  can a box firewall itself well enough to survive unpatched.
>
> Using ipchains it's easy to setup a firewall
>  that allows only outgoing connections.
>
> Suse with reiserfs seems pretty immune to power-cycling,
>  (which is how they would fix any hangups).
> And the new Suse firewall has options to protect itself from attacks
>  even from the interior network.
>
> Smoothwall and gibraltar are also attractive,
>  just a CD, no writeable media.
> Power-cycling puts them into a known state.
> User upgradeable, just insert the new CD.
>
> Is linux ready to power the maintenance-free black-box internet appliance?
> --
> A right not exercised is a privilege
> a privilege not exercised is illegal.
>
> Michael James			michael at james.st
> 8 Brennan St			Phone: +61 2 6247 2556
> Hackett, ACT 2602		Mobile: +61 4 1747 4065
> AUSTRALIA			Fax: +61 2 6278 0011
>

More information about the linux mailing list