Re: Linux firewall question.

To: firewalls@greatcircle.com
Cc: debian-firewall@lists.debian.org
Subject: Re: Linux firewall question.
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Fri, 6 Mar 1998 03:00:55 +0100
Message-id: <[🔎] 19980306030055.49024@lina>
In-reply-to: <34FEF9E6.CF025AC8@iname.com>; from Sami Yousif on Thu, Mar 05, 1998 at 01:15:50PM -0600
References: <Pine.LNX.3.95.980305103222.1682E-100000@barney.iamerica.net> <34FEF9E6.CF025AC8@iname.com>

> Speed:
> The leaner the kernel is as far as the firewall is concerned, the
> quicker it is able to handle packet forwarding/etc. 

A modularized kernel can be leaner, since it doesnt require compiles all the
time to get rid of unwanted parts.

> Security:
> Having module support on a firewall machine  invites the possibility
> that one of the modules can be compromised through a trojan.

This is also true for /sbin/init. I think the firewall has to be designed to
be immutable/secure after a reboot (i.E. boot from read-only media) or/and
do some checksums.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)       If privacy is outlawed only Outlaws have privacy


--
E-mail the word "unsubscribe" to debian-firewall-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble?  E-mail to listmaster@debian.org .

Reply to:

Follow-Ups:
- Re: Linux firewall question.
  - From: Henry Hollenberg <speed@barney.iamerica.net>

Prev by Date: Re: Start up scripts
Next by Date: Re: Start up scripts
Previous by thread: Re: MTA
Next by thread: Re: Linux firewall question.
Index(es):
- Date
- Thread