[plug] Firewalls

[Craig Ringer]

> Any comments on these or other packages?

I've always just DIY'd a debian box. Minimal install, potato is ok (but
you need kernel 2.4 for a decent firewall IMHO) and you can just add 1
file to /etc/ipmasq/rules to turn it into a nicely protected beast. Zero
maintainance, very well supported by the community so its easy to get
questions answered, and it's really _not_ that hard to install.

I would not reccomend a debian box as a firewall if you've got a
transcient dialup though. I've not yet seen a good web interface for
dialup control (someone please prove me wrong) and ssh-ing out to the
firewall to dial is a pain, esp from a windows box. My solution, kppp +
vnc, works amazingly well IMHO but isn't just a matter of "apt-get x" to
set up, and I have real issues with kppp hemmoraging memory. 

I'm a bit biased though, as I'm addicted to the power of a system that's
not just a "black box," and I like to tweak. Anyway it'd be wrong to
install smoothwall on our firewall box *grin*.

I've never had a good experience with an "instant firewall" product.
Most seem limited, make assumptions about the network they shouldn't, or
in Smoothwall's case just refuse to work. I tried Smoothwall on 3
different machines and got the same problems (console corruption,
tendancy to crash when hooked up to a network). Probably just me,
though.

-- 
|  Craig Ringer
|  -- If it ain't broke, add features 'till it is