On 07/22/2012 04:04 AM, kitepilot@kitepilot.com wrote:
> Hello World:
> I run my firewall on an LFS box.
> Everything on it is compiled from source.
> No bells and whistles, only the essential software is installed.
> The hardware is 64 bits but I've been running 32 bit OS.
> This time around I am wondering...
> The question is:
> Is there any advantage to compiling the whole iptables enchilada in 64
> bits?
> Should it be avoided?
> Please note that the 'normal' rules like 'more than 4GB and/or
> 32-bit-adobe' do not apply here, what I am looking for is whether
> filtering/marking will be faster/slower and (if known) why.
> Any ideas?
> Tnx
> ET
I trust Joseph's answers to just about everything, including this.
On a side note, I'd like to point out that having a compiler on a
security device such as a firewall (or any Linux host for that matter)
is a bit of a security risk, as some malware relies on being able to
compile the code on the compromised host. So if your intention by using
LFS is to make your firewall more secure, you might be coming up short
if you're building the software on the firewall host itself. Personally,
I use IPCop, which is (also) LFS based.
--
-Eric 'shubes'