Re: Debian as My home firewall/router
On Sat, 27 Feb 2016 12:15:21 -0300
Renaud (Ron) OLGIATI <renaud@olgiati-in-paraguay.org> wrote:
> On Sat, 27 Feb 2016 15:22:09 +0100
> heqamilus <heqamilus@runbox.com> wrote:
>
> > I know that is possible to build a firewall using Debian.
>
> It is possible, but why go to the bother when you have dedicated distributions like IPCop that come ready to go, and are by design more secure than a specially-configured Debian will be.
Please. "Out-of-the-box" IPCop (version 2.1.8 I just grabbed from the
Sourceforge) does have:
1) No meaningful DNSSEC capability.
2) Presence of libfontconfig.so *and* fonts for no good reason.
3) Bunch of questionable quality root-owner SUID binaries
in /usr/local/bin, intended to be called from Web-interface.
4) Lack of any pre-installed IDS.
5) Outdated kernel 3.4, configured *without* SELinux, Apparmor or
tomoyo support.
Oh, did I mention that *primary* download mirror for this distribution
is the Sourceforge?
IPCop can be an interesting solution for a host on an internal network,
which nobody intends to poke, but suggesting putting *this* to serve
as a firewall from an Internet is a joke.
Reco
Reply to: