RE: My first firewall
> In addition to plain ole iptables masquerade, I'd personally
> install squid, ntp, and bind. You may as well use squid to
> get some benefit out of the 8 gig hard drive. "Obviously"
> you want to dpkg --purge telnetd, etc.
BIND has been statistically one of the largest *nix exploits. I would
not recommend installing it on a firewall.
While things have gotten better and there are useful security measures
(chroot jails), it is not really worth putting on a firewall (which
should be dedicated, hardened and standalone, imo).
Squid I agree with, if you want/need a caching proxy. If you have a
fast connect or very few users, I'd say "Why bother?" Most places I
know that use them, besides for legal and policy reasons, get most use
out of them because users access the same content all the time
(www.aol.com, www.yahoo.com, organization webpages).
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com