Best firewall gateway version of Linux ?

Matthew Hawkins matthew at topic.com.au
Tue Jan 15 20:57:34 EST 2002


On Tue, 15 Jan 2002, Damien Elmes wrote:
> and thus openbsd is often touted as 'security by default'. but i know of few
> boxes that are installed and then left alone, and by suggesting obsd is more
> secure, you're really only lulling them into a false sense of security.

If its going to be a dedicated firewall/router you can get away with the
defaults, however one of my biggest gripes with all the BSD's is that
the kernel "securelevel" parameter - vaguely similar to Linux
capabilities just not as well executed - is rendered utterly useless if
you have to run an X11 server on the box.  Granted, not many people are
going to run an X11 server on a firewall, but on a workstation or server
which must run X11, one might like to up securelevel to get the benefits
of which there is no other way to obtain - but you can't.  That's just
plain wrong, and it makes you wonder - and start to investigate when you
have the time - what other security-related items are just as shallow.

-- 
Matt




More information about the linux mailing list