On Thu, 2009-06-04 at 14:10 -0700, Eric Shubert wrote:

> Yes, any distro can certainly be configured as a firewall.
> 
> The primary advantage I see in using a "firewall distro" is that it's 
> just plain easier, meaning that you don't need as high a level of 
> expertise in order to make it work. Personally, I'd rather let the 
> people who do IPCop worry about the intricacies of iptables and other 
> aspects of firewall functionality (i.e. VPNs). There's also less of a 
> chance of me screwing something up that way. Using a tailored distro is 
> a way to leverage OPK (Other People's Knowledge). Why re-invent the 
> wheel? Then again, if you're comfortable and proficient with iptables 
> and OpenVPN (or IPSec or whatever), I expect you'd be perfectly 
> comfortable "rolling your own".


I see where you're coming from on that but for some reason (probably
because I don't really know what I'm talking about) running a specialty
distro like IPCop with a web interface and potentially outdated packages
just seems like it would open the door for all sorts of security issues
to me, the same reason I don't like to use LFS, it's hard to stay on
updates.  Anybody who understands the security aspects better than I do
have an opinion on the security implications of running IPCop, pfsense,
ect. vs making your own router from Debian, Gentoo, ect?