[luau] Firewalls

MonMotha monmotha at indy.rr.com
Mon Oct 28 17:50:01 PST 2002


Randall Oshita wrote:
>Feel free to ask any additional questions on any (and/or all) point(s).
> 
> --MonMotha
> 
> What would be good (above average) specs for a PC hardware Linux router?
> So hardware would be the BIGGEST difference between a "real" and a Linux
> router correct? In terms of security can they be considered similar?
>  Thanks.
> 
> Randall Oshita
> 

I've successfully used a 486 /w 12MB of RAM for a dialup (the 12MB was 
pushing it tho).  I use a K6-2/350 /w 256MB daily for internet access as 
well as for file serving, etc.  The internal NIC is a simple $20 LinkSys 
  thing.  The external NIC is some no-name NE2000 PCI clone (only 
10Mbit) which is fine for my 2Mbit cable modem.  On this topic, I also 
haev a HomePNA card in for a couple systems upstairs to access the LAN 
(at a whopping 1Mbps!) which Linux bridges onto the normal ethernet.  It 
looks like another switch hop (even speaks spanning tree!).  Just 
another feature lacking on LinkSys routers :).

Security wise, the Linux box will be more flexible, though not always 
mroe secure.  Stateful firewalling makes it possible to make more secure 
rulesets, but it can also leave you open in a bug is found in it.  I try 
to achieve a balance between using the state match and using traditional 
packet filtering to offset the odd chance that a bug may be found in the 
connection tracking.

Security is of course dependent on the user as well.  It's possible to 
have a safe the size of Fort Knox, but if you leave the door unlocked 
it's not going to do much good.  Warren gave some good suggestsions on 
the security front too, pointing out the other problem with using a 
traditional Linux distro: it's a general purpose machine running a 
general purpose OS.  Part of this risk can be lessened by using a 
custom, special purpose distro, but the potential is still there.

--MonMotha
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 252 bytes
Desc: not available
URL: <http://lists.freesoftwarehawaii.org/pipermail/luau-freesoftwarehawaii.org/attachments/20021028/15571397/attachment-0001.pgp>


More information about the LUAU mailing list