decent non-embeded firewall (my worthless 2 cents)

Bryan O'Neal boneal at cornerstonehome.com
Tue Mar 31 08:44:48 MST 2009


It's a home box, right now I just flip the power switch on my router when I
sit down and maybe a few times while working (when being stormed).
If I have to convert the available box over to a dedicated system then I
may, but I also may just keep manually rebooting the Netgear.  It is an
intermittent, but annoying, problem.  Though I suppose since my TV died I
don't need a box hooked to my TV until I replace it anyway ;)

It's mostly a case of the cobbler's children having no shoes. I would never
have allowed a co-mingled device for my clients, but I don't mind having one for
myself.  That and routing should not take that much power; after all, high-end
embedded firewalls are designed to run on a PIII 500, and my TV box way
outstrips this :)

As for exposing everything on the network I would only expose one box, the
one running the firewall.  Everything else would be sitting behind the
firewall that currently suffers the reboot when flooded problem. 

Basically, if I can not find a decent co-mingled product it is better to
suffer the five days a month I have storm issues than to argue home
aesthetics with my wife. Although I was looking forward to being able to
run things like snort and squid on the border box as well as having
better logging than what my router currently does. However, again, it's not
worth arguing with a pregnant wife that I need to put up another pair of
mini-towers, one box as a firewall/router and then another right next to it as
a proxy server/monitor and then the router I have now. And then to tell her
she can't surf on the main TV anymore would definitely not be worth it.

Please remember, this is my home not a business: each box is independently
firewalled, I encrypt all traffic on my private net, and all but one box
would sit behind the current firewall appliances.  Again, perhaps I am just
an idiot but I don't see how this is so bad?  I am guessing there are people
on this list running wireless networks with WAP and not encrypting traffic
between their boxes, so having a border box not running a dedicated
distribution does not seem like heresy. Can one of the experts tell me
(please) in hard numbers how having a co-mingled border router that
forwards approved traffic to an internal firewall router that then handles
an internal net where all traffic is encrypted and each box has an internal
firewall is so much worse than the average set up on this list? Because
I am seriously missing something as I just don't see how this substantially
increases my risk beta.
-----Original Message-----
From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of
kitepilot at kitepilot.com
Sent: Tuesday, March 31, 2009 3:59 AM
To: Main PLUG discussion list
Subject: Re: decent non-embeded firewall (my worthless 2 cents)

>> allowing me to keep the box hooked up for its "tv" centric features.
DON'T!!! 

A firewall is a firewall and is a firewall.
In my perpetually delusional state of paranoia, I don't allow ANYTHING not
indispensable on my firewall.
And even then, I look for ways to eradicate...

My firewalls run in LFS with ONLY what is essentially needed for the job. 

I even tried once "Debian from Scratch" and could not digest the amount of
junk they insisted on putting in. 

my mantra:
DO NOT USE YOUR FIREWALL FOR ANYTHING ELSE BUT THE FIREWALL.
YMMV
Enrique. 

PS: The fact that I am paranoid doesn't mean that they are not after me...