On Mon, 2004-07-26 at 15:55, Aaron Gaudio wrote:
> > On Mon, 2004-07-26 at 08:01, Botond Kardos wrote:
>
> > >
> > > I disagree with you and share the opinion of Bruno. If you want to
> > > have other ports open than just simple HTTP or FTP, you'll end up in
> > > spending at least the same amount of hours with configuring your box
> > > like you would spend with your own Linux. (For example I wasn't able to
> > > properly set up an SMC router to let DC++ out/in but filter other
> > > outgoing packets.)
> > > They're simply cheaper, more silent, consume less power, dissipate
> > > less heap and need less cables. They don't protect better.
> >
>
> There is one additional difference: if someone hacks the router, you can
> always power-cycle it (unless they manage to infect the firmware) to
> return to the original setup. To do the same with a normal box, you
> would have to have it set up using read-only media (boot from CD or the
> like).
>
For this reason I keep a copy of the whole /etc directory of my
firewall in a safe place. But one can have a complete HD image too. :)
