Re: [fw-wiz] Linux Firewall Distributions

From: Kevin Sheldrake (kev_at_electriccat.co.uk)
Date: 09/02/04

    To: "Skander Ben Mansour" <firewall-wizards@benmansour.net>, firewall-wizards@honor.icsalabs.com
    Date: Thu, 02 Sep 2004 19:10:13 +0100
    
    

    Personally, I built mine on gentoo Linux (www.gentoo.org). It's a bit
    more of an involved install, but it is exceptionally well documented on
    the site (make sure you have Internet access while building it!). The
    beauty of gentoo is that all the 'packages' are provided in configured
    source-balls rather than binary-balls; while it takes longer to compile
    source than it does to copy binaries, it does mean your installation is
    optimized precisely for your hardware. Due to the way dependencies are
    handled, it appears that gentoo is free of the dependency nightmare you
    can find with other Linuxes.

    In terms of gentoo versus a firewall-configured-linux, you might want to
    bear in mind the following factors:
    1) Installing and configuring gentoo by hand means you'll understand a lot
    more about how it works and how to reconfigure it as things change.
    Packaged distros seem to do strange non-standard things that can be hard
    to fathom.
    2) Because you'll want to keep it patched up to date, you will probably
    want a distro that has good package management, including dependency
    management. I think gentoo excels here. Gentoo are also very quick at
    getting patches tested and published.
    3) Because gentoo is built from the ground up, you'll only ever install
    software that you want; you'll never build a gentoo box and find a stray
    service that you didn't want. This is good for security as well as your
    disk space.

    For interest, my gentoo firewall runs two ethernet NICs and one wifi NIC.
    The wifi network is covered by IPSec (using 2.6 kernel IPSec and
    strongswan, at present). I use iptables to provide the firewalling
    functionality. Other than a cron daemon and a syslogger, I've installed
    very little else. And all that runs beautifully on a 266MHz P2.

    I've used two packaged firewall linux distros in the past and I wasn't
    impressed with either. They both performed well, they just made it very
    difficult to hand maintain.

    Kev

    > Hi Firewall-Wizards,
    >
    > Does anyone have experience with Linux based Firewall/Router
    > distributions ?
    >
    > I am looking for a cost-effective firewall capable of handling three
    > security domains (Internal Network, the Internet, and a DMZ) for a SOHO.
    >
    > A hardened linux box running NetFilter/IPtables with three network cards
    > looks like a good fit.
    > However, I would also welcome suggestions regarding low-budget hardware
    > firewalls meeting these requirements.
    >
    > I believe that the now defunct Linux Router Project
    > (http://www.linuxrouter.org/) has left some successors:
    >
    > http://leaf.sourceforge.net/
    > http://www.smoothwall.org/
    > http://www.devil-linux.org/
    >
    > Please let me know if you have used one of these linux firewall
    > distributions and what your experience was (installation, configuration,
    > maintenance).
    >
    > Thanks!
    >
    > Best Regards,
    >
    > Skander Ben Mansour
    > ---
    > http://www.benmansour.net/
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    >

    -- 
    Kevin Sheldrake MEng MIEE CEng CISSP
    Electric Cat (Bournemouth) Ltd
    
