
RE: My first firewall



> In addition to plain ole iptables masquerade, I'd personally 
> install squid, ntp, and bind.  You may as well use squid to 
> get some benefit out of the 8 gig hard drive.  "Obviously" 
> you want to dpkg --purge telnetd, etc.

BIND has been statistically one of the largest *nix exploits.  I would
not recommend installing it on a firewall.

While things have gotten better and there are useful security measures
(chroot jails), it is not really worth putting on a firewall (which
should be dedicated, hardened and standalone, imo).

Squid I agree with, if you want/need a caching proxy.  If you have a
fast connect or very few users, I'd say "Why bother?"  Most places I
know that use them, besides for legal and policy reasons, get most use
out of them because users access the same content all the time
(www.aol.com, www.yahoo.com, organization webpages).

- James

