[Gllug] Opinions on Smoothwall and other firewalls

tet at accucard.com tet at accucard.com
Tue Oct 9 08:16:56 UTC 2001


>Now that Linux has (finally) got stateful filtering, I can't see any
>reason why it shouldn't be a sensible choice for a PC based
>firewall.

There are a couple. The most obvious of which is that every line of
code in OpenBSD has been audited to ensure there are no security holes.
Even the most minimal Linux install can't claim that (although things
are certainly getting better, with projects like LSAP). A firewall is
the one place, more than any other, where you absolutely need that
level of security.

The other advantage of OpenBSD is that it's trivial to get up and
running. Simply install it, edit the required config files, reboot,
and you have a firewall up and running. Much as I love Linux, I
couldn't have achieved the same result in anywhere near the same time.
And before setting up my firewall when I got my DSL earlier this year,
I hadn't used BSD since 1991 (and then only as a user, not an admin),
so I can't claim it was so quick because I already knew how to do it.

Tet

PS. Of course, the truly paranoid would run both BSD and Linux firewalls
    (perhaps using VMware or similar) to ensure that even if a vulnerability
    was found in one, they would still have the other one to protect them.
    We run multiple firewalls from different vendors at work, for precisely
    that reason.

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list