[wplug] DSL prep

Tom Rhodes trhodes at FreeBSD.org
Wed Feb 6 18:42:55 EST 2008


On Wed, 06 Feb 2008 09:13:30 -0500
Duncan Hutty <dhutty+wplug at ece.cmu.edu> wrote:

> Brian A. Seklecki wrote:
> > Move fast.  Time is of the essence.  Put an OpenBSD box in front of it
> > running pf(4) and pray that no one ever reads your SMTP headers.
> >
> > ~BAS
> >   
> Bad Lava. I don't think he was looking for BSD evangelism. 
> 
> You know that it's perfectly possible to run nice safe linux boxen as routers for this situation. You should also be aware that there are plenty of large organisations including local .edu installations that have linux machines on publicly routable addresses without firewalls or NAT without getting compromised all the time.

Classic.

> 
> The OP should realise the risks (which it appears that he does) and
> assess whether he has the skills/knowledge/time (or the inclination to
> learn them) in order to mitigate those risks down to what he considers
> to be acceptable levels for this situation. This is the fundamental
> question in security. And well you know it.
> 
> If, on the other hand, you want to suggest that OpenBSD/pf would be a
> better solution for this situation, I'm sure wplug would be interested
> in a presentation complete with analysis and howto:)

I've found the following firewall implementations to be fabulous
solutions (in order of most preferred):

ipfw, pf, ipfwadm, ipfilter, ... windows firewall, iptables

-- 
Tom Rhodes

