>> Any extra/unwanted packages which come in a standard distro, >> but which aren't needed for a router, have been removed The best (GEEKY) firewall is an LFS installation running iptables. You just NEVER install "any extra/unwanted package" to begin with. :) I understand it is not for everyone though, but I couldn't resist... 8) ET PS: For the "uninitiated": LFS=http://www.linuxfromscratch.org/ Alex Dean writes: > > On Jun 4, 2009, at 3:24 PM, Paul Mooring wrote: > >> Maybe most people would disagree with me on this but I don't think >> there's too many advantages to runnning IPcop over a standard linux >> distro in the first place if you're only looking to use it as a router. >> Any router or firewall distro is more or less an iptables frontend >> anyhow. To do it make sure "net.ipv4.ip_forward = 1" is in / >> etc/sysctl.conf and there should be an iptables rule for nat, run >> iptables-save and look for a rule that says either -j SNAT --to- source >> or -j MASQUERADE, if your existing iptables rules don't have that run >> 'iptables -t nat -I POSTROUTING -o $EXTIF -j MASQUERADE' where $EXTIF is >> your external interface (probably eth0 or eth1), and then you have a >> fully functional router. > > If you know what you're doing, I agree there isn't any difference. But > the set of people who might want a good firewall/router is much larger > than the set of people who are really comfortable with iptables, and > that's where IPCop & other distros like it fit in really well. > > There are other benefits besides iptables ease. Any extra/unwanted > packages which come in a standard distro, but which aren't needed for a > router, have been removed (and are therefore not exploitable). > Configuring multiple interfaces for multiple networks is really simple. > Etc... > > alex --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss