[rescue] A perverse thought (SGI security division)

Joshua Boyd jdboyd at jdboyd.net
Thu Mar 11 15:59:07 CST 2004


On Thu, Mar 11, 2004 at 04:46:43PM -0500, Caleb Shay wrote:

> Well, I know many people swear by openbsd for their firewalls.  I'm 
> sure it's good, but I figure any firewall I set up with openbsd is 
> going to be less secure than one I set up with linux since I know 
> linux and I don't know openbsd.

If the machine is stripped down properly, I doubt the OS matters much
(assuming we are talking about reasonably sane OSes, unlike Windows).

By properly stripped down, I mean it is doing nothing other than
firewalling, and has no extraneous services running.  If it runs ssh or
kerberized telnet, it is accessible only from the inside, not the
exterior (preferably on a third port).

I don't quite strictly follow this, but only because I have dial-up, and
I figure it doesn't matter for dialup that isn't connect more than an
hour or two here and there.  The machine is still fairly heavily
stripped of extra stuff though, just to be on the safe side.



More information about the rescue mailing list