Best firewall gateway version of Linux ?
grail at goldweb.com.au
Tue Jan 15 15:37:14 EST 2002
On Tuesday, January 15, 2002, at 01:27 , Nathan Le Nevez wrote:

> Since when has OpenBSD been considered a 'linux'? It's a completely
> different operating system, much like FreeBSD, NetBSD.

Forgive me for daring to suggest that there was another OS out there
which could possibly be more secure than Linux. It's just curious to me
that lots of people seem to have this idea that the only choice is
"Windows or Linux?"

OpenBSD was designed to be as secure as possible. People who say "which
version of Linux should I use for my firewall" may as well be saying
"which version of Windows should I use for my firewall?"

There are other options.

Then there's the second mistake the original poster made, about *how* to
set up a mail server on the firewall box - not *should he* set up a
mail server on the firewall box. He may as well have been saying, "Which
version of IIS should I use for my mission-critical web site?"

There's no point setting up a firewall to protect your Windows boxes
from the Internet if you're going to run inetd, telnet or sendmail on

I agree with other posters - it's probably better to at least start off
with "DIY" on Debian if you're really keen to restrict yourself to Linux
(can we say "ping of death*"?). Then once you're aware of the issues,
and are ready to step away from the purely masquerading firewall,
consider one of the pre-packaged solutions which you've researched
yourself - thus spending 40 hours of research to save 1000 hours of

To answer your original question - yes, I'm aware that OpenBSD is not a
Linux, but the original poster was asking a question which indicated he
was dangerously under-informed. The purpose of a firewall is to enhance
the security of your home network - with a very distant second place
going to doing so in a convenient/expedient manner.

* And yes, I'm aware that the ping of death problem was quickly
rectified. The question remains though - how many more flaws are there
in Linux networking code that we just don't know about yet? It's
possible that the only reason we don't see many more exploits for
Linux/Apache bugs is that Linux/Apache isn't yet as populous as