RE: My first firewall
> In addition to plain ole iptables masquerade, I'd personally
> install squid, ntp, and bind. You may as well use squid to
> get some benefit out of the 8 gig hard drive. "Obviously"
> you want to dpkg --purge telnetd, etc.

BIND has been statistically one of the largest *nix exploits. I would
not recommend installing it on a firewall.

While things have gotten better and there are useful security measures
(chroot jails), it is not really worth putting on a firewall (which
should be dedicated, hardened and standalone, imo).

Squid I agree with, if you want/need a caching proxy. If you have a
fast connect or very few users, I'd say "Why bother?" Most places I
know that use them, besides for legal and policy reasons, get most use
out of them because users access the same content all the time
(www.aol.com, www.yahoo.com, organization webpages).

- James