
Re: Linux firewall question.

> Speed:
> The leaner the kernel is as far as the firewall is concerned, the
> quicker it is able to handle packet forwarding/etc. 

A modularized kernel can be leaner, since it doesn't require compiles all the
time to get rid of unwanted parts.

> Security:
> Having module support on a firewall machine invites the possibility
> that one of the modules can be compromised through a trojan.

This is also true for /sbin/init. I think the firewall has to be designed to
be immutable/secure after a reboot (i.e. boot from read-only media) and/or
do some checksums.

  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)       If privacy is outlawed only Outlaws have privacy
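
The checksum idea from the reply above, as an added example that is not part of the original post: a baseline manifest of the boot-critical tree (init, modules) and a verifier that reports modified, missing and newly added files. The function names, the manifest layout and the use of SHA-256 are assumptions of this example.

```shell
#!/bin/sh
# Added example: checksum baseline for a firewall's boot-critical files.
# Assumes GNU coreutils (sha256sum); keep the baseline on read-only media.

# make_manifest ROOT: print "sha256  ./relative/path" for every regular file.
make_manifest() {
    [ -d "$1" ] || return 2
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | LC_ALL=C sort -k2
}

# verify_tree ROOT BASELINE: print one finding per line; return 1 if any.
# ADDED matters as much as MODIFIED: a new module or binary is not in the
# baseline at all, so a plain "sha256sum -c" would never look at it.
verify_tree() {
    root=$1; baseline=$2
    current=$(mktemp) || return 2
    make_manifest "$root" > "$current"
    findings=$(awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { want[path] = hash; next }   # baseline pass
        { seen[path] = 1
          if (!(path in want))          print "ADDED    " path
          else if (want[path] != hash)  print "MODIFIED " path }
        END { for (p in want) if (!(p in seen)) print "MISSING  " p }
    ' "$baseline" "$current" | LC_ALL=C sort)
    rm -f "$current"
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: script baseline ROOT > manifest   |   script verify ROOT manifest
case "${1:-}" in
    baseline) make_manifest "$2" ;;
    verify)   verify_tree "$2" "$3" ;;
esac
```

The check is only as trustworthy as the tools running it, so the script, sha256sum and the manifest belong on the same read-only media the reply suggests booting from.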
