creating a DMZ -- seeking firewall advice

Andy Bradford amb-plug at
Tue Mar 8 17:16:16 MST 2005

Thus said Ryan Byrd on Tue, 08 Mar 2005 11:50:28 MST:

> No need to worry about patching/locking down anything else, like you'd
> have to consider with a linux  box. In a very over-general sense, too,
> dedicated tools seem to work better than multipurpose ones (ever tried
> to cut down a tree with a swiss-army knife saw-blade?)

There are also OSes that have a very sane set of defaults and can safely
be run. E.g., with OpenBSD, the only service running by default is
OpenSSH and you can easily restrict who has access to that service with
a firewall rule. Also, you see just as many problems with dedicated
systems on bugtraq.

> so, does anyone have any experience with hardware firewalls?

I've run Checkpoint  (though it isn't a hardware firewall),  but I would
rather use pf.

GnuPG ID 0xA63888C9 (D2DA 68C9 BB2B 26B4 8204  2219 A43E F450 A638 88C9)
[-----------[system uptime]--------------------------------------------]
  5:16pm  up 131 days, 22:03,  1 user,  load average: 1.00, 1.00, 1.00
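
Added example, not part of the original message: a minimal pf ruleset of the kind the reply refers to, limiting access to OpenSSH on an OpenBSD host to a list of admin sources. The interface name `em0`, the table name `ssh_admins` and the addresses (documentation ranges) are assumptions.

```pf
# /etc/pf.conf -- constructed example; em0 and the addresses are placeholders
ext_if = "em0"                       # assumed external interface name

# Hosts allowed to reach sshd (RFC 5737 documentation ranges, constructed)
table <ssh_admins> { 192.0.2.10, 198.51.100.0/28 }

set skip on lo                       # do not filter loopback traffic

block in log all                     # default deny inbound, log drops to pflog
pass out keep state                  # allow outbound traffic and its replies

# Only the listed sources may open SSH connections to this host
pass in on $ext_if inet proto tcp from <ssh_admins> to ($ext_if) port 22 \
    flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it; `pfctl -f /etc/pf.conf` loads the ruleset.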
