[Gllug] Opinions on Smoothwall and other firewalls

[Ian Northeast]

Simon Stewart wrote:
> 
> On Fri, Oct 05, 2001 at 12:02:24PM +0100, Walid wrote:
> 
> > > Contact Tushar at Turtle Networks. He I'm sure can configure a good firewall
> > > for you, based on BSD.
> >
> > That is the way to go OpenBSD, I like that :)
> 
> There's one advantage that I can see with the *BSD ipfilter tools over
> iptables: it's older, and therefore has had more testing.

I have been thinking about switching my firewall to OBSD, and have
indeed just collected all the bits to build another basic PC to run it
on for £0 (except the fan wire - I can improvise here I think:). But the
problem is that I use ISDN, and i4b apparantly doesn't have LZS
compression.

> Now that Linux has (finally) got stateful filtering, I can't see any
> reason why it shouldn't be a sensible choice for a PC based
> firewall. Now all you want to consider is content filtering.... :)

And this needs a 2.4 kernel, which also seems to have trouble with LZS
compression - at least I cannot get it to work reliably at 128K which I
can on 2.2.

So to get a decent firewall and have my ISDN link using compression and
BoD, which is what I want, it seems to me that I have to chain two
machines together - an ISDN router using Linux 2.2 and an OBSD firewall
with two ethernet cards. This will work of course but it seems a little
heavy. The price of ethernet cards is not a concern as I can use 10Mb
ones which people throw away, it's just that 2 PCs occupy twice the
space and space is tight as there are a lot of PCs round here. 

Aside from buying a router, which goes against the grain for a job which
a cheap/free PC can do, or coding an LZS module for i4b or doing some
work on the i4l one in 2.4, which I think is beyond my skill (I am not a
really a programmer, I can knock out the odd bit of C but I'm a sysadmin
by trade), can anyone think of a better solution? 

Regards, Ian

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug