On Thu, 2009-06-04 at 14:10 -0700, Eric Shubert wrote:
> Yes, any distro can certainly be configured as a firewall.
>
> The primary advantage I see in using a "firewall distro" is that it's
> just plain easier, meaning that you don't need as high a level of
> expertise in order to make it work. Personally, I'd rather let the
> people who do IPCop worry about the intricacies of iptables and other
> aspects of firewall functionality (i.e. VPNs). There's also less of a
> chance of me screwing something up that way. Using a tailored distro is
> a way to leverage OPK (Other People's Knowledge). Why re-invent the
> wheel? Then again, if you're comfortable and proficient with iptables
> and OpenVPN (or IPSec or whatever), I expect you'd be perfectly
> comfortable "rolling your own".
I see where you're coming from on that but for some reason (probably
because I don't really know what I'm talking about) running a specialty
distro like IPCop with a web interface and potentially outdated packages
just seems like it would open the door for all sorts of security issues
to me, the same reason I don't like to use LFS, it's hard to stay on
updates. Anybody who understands the security aspects better than I do
have an opinion on the security implications of running IPCop, pfsense,
ect. vs making your own router from Debian, Gentoo, ect?
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)