[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: My first firewall

> In addition to plain ole iptables masquerade, I'd personally 
> install squid, ntp, and bind.  You may as well use squid to 
> get some benefit out of the 8 gig hard drive.  "Obviously" 
> you want to dpkg --purge telnetd, etc.

BIND has been statistically one of the largest *nix exploits.  I would
not recommend installing it on a firewall.

While things have gotten better and there are useful security measures
(chroot jails), it is not really worth putting on a firewall (which
should be dedicated, hardened and standalone, imo).

Squid I agree with, if you want/need a caching proxy.  If you have a
fast connect or very few users, I'd say "Why bother?"  Most places I
know that use them, besides for legal and policy reasons, get most use
out of them because users access the same content all the time
(www.aol.com, www.yahoo.com, organization webpages).

- James

To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: