Re: Linux firewall question.
> Speed:
> The leaner the kernel is as far as the firewall is concerned, the
> quicker it is able to handle packet forwarding/etc.
A modularized kernel can be leaner, since it doesnt require compiles all the
time to get rid of unwanted parts.
> Security:
> Having module support on a firewall machine invites the possibility
> that one of the modules can be compromised through a trojan.
This is also true for /sbin/init. I think the firewall has to be designed to
be immutable/secure after a reboot (i.E. boot from read-only media) or/and
do some checksums.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) If privacy is outlawed only Outlaws have privacy
--
E-mail the word "unsubscribe" to debian-firewall-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? E-mail to listmaster@debian.org .
Reply to: