[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian as My home firewall/router

On Sat, 27 Feb 2016 12:15:21 -0300
Renaud (Ron) OLGIATI <renaud@olgiati-in-paraguay.org> wrote:

> On Sat, 27 Feb 2016 15:22:09 +0100
> heqamilus <heqamilus@runbox.com> wrote:
> 
> > I know that is possible to build a firewall using Debian.
> 
> It is possible, but why go to the bother when you have dedicated distributions like IPCop that come ready to go, and are by design more secure than a specially-configured Debian will be.

Please. "Out-of-the-box" IPCop (version 2.1.8 I just grabbed from the
Sourceforge) does have:

1) No meaningful DNSSEC capability.

2) Presence of libfontconfig.so *and* fonts for no good reason.

3) Bunch of questionable quality root-owner SUID binaries
in /usr/local/bin, intended to be called from Web-interface.

4) Lack of any pre-installed IDS.

5) Outdated kernel 3.4, configured *without* SELinux, Apparmor or
tomoyo support.


Oh, did I mention that *primary* download mirror for this distribution
is the Sourceforge?

IPCop can be an interesting solution for a host on an internal network,
which nobody intends to poke, but suggesting putting *this* to serve
as a firewall from an Internet is a joke.

Reco
Reply to: