OT: ADSL safe practices and setting up a home network
Eugen Leitl
eugen at leitl.org
Fri Apr 14 17:28:29 UTC 2006
On Fri, Apr 14, 2006 at 10:13:35AM -0700, Wolfgang S. Rupprecht wrote:
> Note, I can't see the value of running one of those under-powered
> boxes as a firewall. Why? It uses the same software firewall that

200 MHz MIPSel with 32 MBytes RAM is underpowered for a residential
firewall? Only for the most extreme P2P users. If it sucks, you're running
the wrong firmware.

If it's underpowered, use a 266 MHz Soekris or WRAP board with 128 MBytes --
and add swap space, if you must. If it's *still* underpowered, take a
mini-ITX Eden, booting from compact flash.

> fedora does. Why not run the firewall on a more powerful box like
> your main computer?

Because a software firewall is complementary to an external
firewall. You could risk running a rich environment behind
an external firewall without exposing your soft white underbelly
to the net badness -- but arguably you should run a tight
ship nevertheless. Notice that a software firewall can
in principle know which application is using which port -- which
an external firewall wouldn't know.

Arguably (though it's overkill for a standard box) you
could run RSBAC/grsecurity/SELinux/PaX as an extra hardening
layer.

--
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE