On Fri, Apr 14, 2006 at 10:13:35AM -0700, Wolfgang S. Rupprecht wrote:

> Note, I can't see the value of running one of those under-powered
> boxes as a firewall. Why? It uses the same software firewall that

200 MHz MIPSel with 32 MBytes RAM is underpowered for a residential firewall? Only for most extreme P2P users. If it sucks you're running the wrong firmware. If it's underpowered, use a 266 MHz soekris or wrap board with 128 MBytes -- and add swap space, if you must. If it's *still* underpowered, take a mini-ITX Eden, booting from compact flash.

> fedora does. Why not run the firewall on a more powerful box like
> your main computer?

Because a software firewall is complementary to an external firewall. You could risk running a rich environment behind an external firewall without exposing your soft white underbelly to the net badness -- but arguably you should run a tight ship nevertheless.

Notice that a software firewall can in principle know which application is using which port -- which an external firewall wouldn't know. Arguably (though it's overkill for a standard box) you could run RSBAC/grsecurity/selinux/PaX as an extra hardening layer.

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE