[plug] Setting up a new firewall

[Onno Benschop]

Hennie Strydom wrote:

>Running more applications on the firewall increases your risk of an
>intrusion, since a flaw in any one of these applications might allow
>such an intrusion.  Intrusions are worse if you have all your eggs in
>one basket.
>
>Why do you not use a distro like IPCOP or Smoothwall on an old PC as a
>firewall?  I have IPCOP running on an old P1 200Mhz with 64MB RAM for
>myself, and it does an excellent job as a firewall with squid, snort,
>DNS, DHCP and VPN (with low usage on the VPN).  It can even run
>Dansguardian, but this takes forever to start on this lack of processor,
>after which it is fine.
>  
>
This made me smile.

On the one hand you're saying don't run any services on your firewall, 
it will make it vulnerable. On the other hand you're saying, "I'm 
running several other network applications."

So which is it, a secure firewall with nothing, or a computer that also 
acts as a firewall?

So, if it were me, I'd be just running a firewall :)

-- 
Onno Benschop

Connected via Optus B3 at S34°45'36.5" - E139°00'08.7" (Mount Pleasant, SA)
--
()/)/)()        ..ASCII for Onno..
|>>?            ..EBCDIC for Onno..
--- -. -. ---   ..Morse for Onno..

Proudly supported by Skipper Trucks, Highway1, Concept AV, Sony Central, Dalcon
ITmaze   -   ABN: 56 178 057 063   -  ph: 04 1219 8888   -   onno at itmaze.com.au