Re: Should I propose a Debian Firewall?

To: Paul M Sargent <pauls@3dlabs.com>
Cc: debian-firewall@lists.debian.org
Subject: Re: Should I propose a Debian Firewall?
From: "Michael W. Shaffer" <mwshaffer@yahoo.com>
Date: Mon, 29 Nov 1999 08:33:08 -0800 (PST)
Message-id: <[🔎] 19991129163308.5568.rocketmail@web207.mail.yahoo.com>

I can't speak to the security issue except to say that I
use Debian boxes with the 2.2 kernel and ipchains for firewalling
and routing both at home and at customer sites. I also used a
commercial firewall in a past life (PIX) and was pleased with
it except for the connection limitations you refer to. I find
ipchains to be reasonable, flexible, and most importantly
understandable. I use logging in all my firewall rulesets for
denied packets, and I see denied attacks of various sorts
against my home machine about every five minutes or so while
I am connected. I feel, if anything, more secure with the
Debian based firewall. I haven't had any compromises of a
Debian protected network that I am aware of, but then that
doesn't really prove anything. 

If you are interested, I just spent a couple days whittling
down a Debian system to provide WAN routing, dial on demand,
dns, dhcp, and firewalling all on one floppy. I have been looking
for an excuse to organize all my notes in a presentable manner,
and I'd be happy to try and answer any questions you might
have. My intention was basically what you stated, to produce
a simple box with absolutely nothing except the kernel, a few
selected daemons, and a couple other necessary things like
ash and init just for processing startup scripts. No interactive
or network logins, no logging except to console or remote,
everything runs from a 4MB ramdisk once booted. Using this
sort of setup you can provide quick and dirty emergency
reserve systems on just a floppy; set up new boxes with almost
no installation; or just make a really cheap routers with a 
scavenged motherboard, 16MB RAM, a floppy, and ethernet cards 
or a modem. I also have managed to fit a complete working 
'winserver' with dhcp and samba on one floppy, although this 
one would really like to have some disk in the machine for 
meaningful print spooling and file shares.



__________________________________________________
Do You Yahoo!?
Thousands of Stores.  Millions of Products.  All in one place.
Yahoo! Shopping: http://shopping.yahoo.com

Reply to:

Follow-Ups:
- Re: Should I propose a Debian Firewall?
  - From: Rene Mayrhofer <rene.mayrhofer@vianova.at>

Prev by Date: Re: Should I propose a Debian Firewall?
Next by Date: Re: Should I propose a Debian Firewall?
Previous by thread: Re: Should I propose a Debian Firewall?
Next by thread: Re: Should I propose a Debian Firewall?
Index(es):
- Date
- Thread