Re: iptables. 32 or 64?

Author: kitepilot@kitepilot.com
Date:  
To: Main PLUG discussion list
Subject: Re: iptables. 32 or 64?
I created a maintenance system for LFS that allows me to install specific
configurations in what I call Debug/Development/Production.

"Production" only has strictly necessary software (compiler not being one of
them).

I can actually instantiate a full-blown, fully functional LFS box in about 20
minutes. And I can upgrade packages! :)

And yes, compilers are bad...
ET



Eric Shubert writes:

> On 07/22/2012 04:04 AM, wrote:
>> Hello World:
>> I run my firewall on a LFS box.
>> Everything on it is compiled from source.
>> No bells and whistles, only the essential software is installed.
>> The hardware is 64 bits but I've been running 32 bit OS.
>> This time around I am wondering...
>> The question is:
>> Is there any advantage to compiling the whole iptables enchilada in 64
>> bits?
>> Should it be avoided?
>> Please note that the 'normal' rules like 'more than 4GB and/or
>> 32-bit-adobe' do not apply here, what I am looking for is whether
>> filtering/marking will be faster/slower and (if known) why.
>> Any ideas?
>> Tnx
>> ET
>
> I trust Joseph's answers to just about everything, including this.
>
> On a side note, I'd like to point out that having a compiler on a security
> device such as a firewall (or any Linux host for that matter) is a bit of
> a security risk, as some malware relies on being able to compile the code
> on the compromised host. So if your intention by using LFS is to make your
> firewall more secure, you might be coming up short if you're building the
> software on the firewall host itself. Personally, I use IPCop, which is
> (also) LFS based.
>
> --
> -Eric 'shubes'
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
