Re: OT: ADSL safe practices and setting up a home network

On Fri, Apr 14, 2006 at 10:13:35AM -0700, Wolfgang S. Rupprecht wrote:

> Note, I can't see the value of running one of those under-powered
> boxes as a firewall.  Why?  It uses the same software firewall that

200 MHz MIPSel with 32 MBytes RAM is underpowered for a residential
firewall? Only for most extreme P2P users. If it sucks you're running
the wrong firmware. 

If it's underpowered, use a 266 MHz soekris or wrap board with 128 MBytes --
and add swap space, if you must. If it's *still* underpowered, take a 
mini-ITX Eden, booting from compact flash.

> fedora does.  Why not run the firewall on a more powerful box like
> your main computer?

Because a software firewall is complementary to an external
firewall. You could risk running a rich environment behind
an external firewall without exposing your soft white underbelly
to the net badness -- but arguably you should run a tight
ship nevertheless. Notice that a software firewall can
in principle know which application is using which port -- which
an external firewall wouldn't know.

Arguably (though it's overkill for a standard box) you
could run RSBAC/grsecurity/selinux/PaX as an extra hardening
layer.

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
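
The reply's point that a host-based firewall can know which application holds which port, shown as an added example that is not part of the original post: on Linux the mapping comes from joining `/proc/net/tcp` with the socket links under `/proc/<pid>/fd`. The sample table, inode numbers, and process names are constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import os
import re
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:C350 0101A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 20 4 30 10 -1
   3: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 44444 1 0000000000000000 100 0 0 10 0
"""
# Constructed inode -> (pid, command) table; socket_owners() builds it live.
SAMPLE_OWNERS = {11111: (812, "sshd"), 22222: (640, "cupsd")}

def listeners(proc_net_tcp):
    """Return (ip, port, uid, inode) for every TCP socket in LISTEN state."""
    out = []
    for line in proc_net_tcp.splitlines()[1:]:
        f = line.split()
        if len(f) < 10 or f[3] != "0A":      # 0A is TCP_LISTEN
            continue
        addr, port = f[1].split(":")
        # Address is a host-order u32 printed in hex (little-endian assumed).
        ip = socket.inet_ntoa(struct.pack("<I", int(addr, 16)))
        out.append((ip, int(port, 16), int(f[7]), int(f[9])))
    return out

def socket_owners(proc="/proc"):
    """Map socket inode -> (pid, comm) by reading /proc/<pid>/fd links."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/comm") as fh:
                comm = fh.read().strip()
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"{proc}/{pid}/fd/{fd}"))
                if m:
                    owners[int(m.group(1))] = (int(pid), comm)
        except OSError:                      # process exited or not readable
            continue
    return owners

def attribute(proc_net_tcp, owners):
    """Join listeners to owners; an unknown owner is reported as None."""
    return [(ip, port, owners.get(inode)) for ip, port, _uid, inode in listeners(proc_net_tcp)]

if __name__ == "__main__":
    for row in attribute(SAMPLE, SAMPLE_OWNERS):
        print(row)
```

On a live host, pass the contents of `/proc/net/tcp` and the result of `socket_owners()` (run as root to see every process); a listener reported with owner `None`, like port 8080 in the sample, is the one to investigate.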
