[wplug] DSL prep

Duncan Hutty dhutty+wplug at ece.cmu.edu
Wed Feb 6 09:13:30 EST 2008


Brian A. Seklecki wrote:
> Move fast.  Time is of the essence.  Put an OpenBSD box in front of it
> running pf(4) and pray that no one ever reads your SMTP headers.
>
> ~BAS
>   
Bad Lava. I don't think he was looking for BSD evangelism. 

You know that it's perfectly possible to run nice safe linux boxen as routers for this situation. You should also be aware that there are plenty of large organisations including local .edu installations that have linux machines on publicly routable addresses without firewalls or NAT without getting compromised all the time.

The OP should realise the risks (which it appears that he does) and
assess whether he has the skills/knowledge/time (or the inclination to
learn them) in order to mitigate those risks down to what he considers
to be acceptable levels for this situation. This is the fundamental
question in security. And well you know it.

If, on the other hand, you want to suggest that OpenBSD/pf would be a
better solution for this situation, I'm sure wplug would be interested
in a presentation complete with analysis and howto :)
--
Duncan Hutty

