Best firewall gateway version of Linux ?

Alex Satrapa grail at goldweb.com.au
Tue Jan 15 15:37:14 EST 2002


On Tuesday, January 15, 2002, at 01:27 , Nathan Le Nevez wrote:

>> OpenBSD.
>
> Since when has OpenBSD been considered a 'linux'? It's a completely
> different operating system, much like FreeBSD, NetBSD.

Forgive me for daring to suggest that there was another OS out there 
which could possibly be more secure than Linux. It's just curious to me 
that lots of people seem to have this idea that the only choice is 
"Windows or Linux?"

OpenBSD was designed to be as secure as possible.  People who say "which 
version of Linux should I use for my firewall" may as well be saying 
"which version of Windows should I use for my firewall?"

There are other options.

Then there's the second mistake the original poster made, about *how* to 
set up a mail server on the firewall box - not *should he* set up a 
mail server on the firewall box. He may as well have been saying, "Which 
version of IIS should I use for my mission-critical web site?"

There's no point setting up a firewall to protect your Windows boxes 
from the Internet if you're going to run inetd, telnet or sendmail on 
the firewall.

I agree with other posters - it's probably better to at least start off 
with "DIY" on Debian if you're really keen to restrict yourself to Linux 
(can we say "ping of death*"?).  Then once you're aware of the issues, 
and are ready to step away from the purely masquerading firewall, 
consider one of the pre-packaged solutions which you've researched 
yourself - thus spending 40 hours of research to save 1000 hours of 
reimplementation.

To answer your original question - yes, I'm aware that OpenBSD is not a 
Linux, but the original poster was asking a question which indicated he 
was dangerously under-informed.  The purpose of a firewall is to enhance 
the security of your home network - with a very distant second place 
going to doing so in a convenient/expedient manner.

Regards
Alex Satrapa

* And yes, I'm aware that the ping of death problem was quickly 
rectified.  The question remains though - how many more flaws are there 
in Linux networking code that we just don't know about yet?  It's 
possible that the only reason we don't see many more exploits for 
Linux/Apache bugs is that Linux/Apache isn't yet as populous as 
Windows/IIS.
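The point above about not running inetd, telnet or sendmail on the firewall host turns into a simple check: nothing should be listening on the box that is reachable from either side except what you need for administration. The following is an added example, not part of the original post or thread. It is a POSIX sh audit over a constructed socket listing; the three-column "proto local_address process" format, the sample lines and the `sshd`-only allow-list are assumptions. On a real host you would build the same listing from `ss -lntup` or `netstat -lntup`.

```shell
#!/bin/sh
# Audit listening sockets on a firewall host and flag daemons that have no
# business on a packet filter (inetd, telnetd, sendmail, ...).
#
# Input format (assumption): one socket per line, "proto local_address process".
# Listeners bound only to loopback are ignored, since neither the LAN nor the
# Internet can reach them; everything else must be on the allow-list.

# Constructed sample listing, standing in for real ss/netstat output.
SAMPLE='tcp 0.0.0.0:22 sshd
tcp 0.0.0.0:23 inetd
tcp 0.0.0.0:25 sendmail
udp 0.0.0.0:514 syslogd
tcp 127.0.0.1:53 dnsmasq'

# Processes tolerated on the firewall itself: ssh for remote administration.
# Space-separated; extend deliberately, not by habit.
ALLOWED_PROCS='sshd'

# audit_listeners LISTING
# Prints one "proto addr proc" line for every listener that is reachable
# off loopback and whose process is not on the allow-list.
audit_listeners() {
    printf '%s\n' "$1" | awk -v allowed="$ALLOWED_PROCS" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    NF >= 3 {
        proto = $1; addr = $2; proc = $3
        # loopback-only binds (IPv4 127.x, IPv6 [::1]) are not an exposure
        if (index(addr, "127.") == 1 || index(addr, "[::1]") == 1) next
        if (proc in ok) next
        print proto, addr, proc
    }'
}

# count_offenders LISTING
# Number of flagged listeners; non-zero means the box is running services
# that a firewall should not.
count_offenders() {
    audit_listeners "$1" | wc -l | tr -d ' '
}

# Stand-alone run: report on the constructed sample.
audit_listeners "$SAMPLE"
```

Run against a live box, the script is only as good as the allow-list: the aim is that the list stays short enough to justify every entry by hand.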