[CLUE-Tech] a more sophisticated firewall?

Dave Anselmi anselmi at americanisp.net
Sun Dec 23 11:16:35 MST 2001


adam wrote:

> I've found that OpenBSD, while not linux, is the best con sarn
> router/firewall there is.   NAT takes a few minutes to set up, a few more if
> you want specific rules for port forwarding.  Firewalling is a snap, too--
> and you can deny ranges of IPs, specific ports, packet types, etc.

Don't know OpenBSD.  Didn't think Linux was very hard (unless you get into some
of the wacky advanced stuff it can do).

> It has a tiny little footprint, too, so putting it on a 1 GB drive is well
> more than
> enough.

Debian potato, 486, 16MB, 200MB.  How much smaller do you want?

>  I've found that the simplicity and power of OpenBSD makes it a far
> better choice than Linux.  I have friends who tout the superiority of
> linux's iptables firewalls-- but their lists of rules are enormous.  My
> OpenBSD firewall has what-- 17 lines in it?  It blocks the standard RFC 1918
> (I think) IP addresses, blocks incoming netBIOS, logs S/SA packets, and
> passes in to internal IPs sendmail, www, and ssh.  Works like a total gem.
> I love it.  You can download a pre-configured firewall (hardly necessary,
> there is very little "open" by default) and drop it in.  15 minutes of
> staring at it and you will understand how it works.  I have friends who
> swear by it, I swear by it, too.  Plus, you get your hands dirty with
> another distro that you may come to love.

I'll have to take a look.  I doubt the functionality is that different, so I
doubt the config is all that different.  Wouldn't surprise me if OpenBSD has
better examples and defaults.

Can OpenBSD dual boot with Linux/Windows, or do the disklabels get in the way?
Since I don't really plan to install OpenBSD soon, do you have any links to
howtos or other docs on doing the above (firewall config)?

Dave
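
A ruleset of the shape adam describes (NAT, RFC 1918 block, inbound NetBIOS block, logged SYNs, three services passed in to internal hosts), as an added example that is not from the thread or from adam's firewall. It assumes current OpenBSD pf.conf syntax (the post does not say which packet filter or release was used), a default-deny inbound policy, and placeholder interface names and addresses.

```pf
# Constructed example: every name and address below is a placeholder.
ext_if   = "em0"              # assumed external interface
int_if   = "em1"              # assumed internal interface
int_net  = "192.168.1.0/24"   # assumed internal network
mail_srv = "192.168.1.10"     # assumed internal sendmail host
web_srv  = "192.168.1.11"     # assumed internal www host
ssh_srv  = "192.168.1.12"     # assumed internal ssh host

# RFC 1918 private ranges; these should never arrive from the Internet side.
table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo

# NAT: rewrite outbound traffic from the internal net to the external address.
match out on $ext_if inet from $int_net to any nat-to ($ext_if)

# Default policy (an assumption): drop and log anything inbound that no
# later rule passes. Without "quick", the last matching rule wins.
block in log on $ext_if all

# Spoofed private sources. "quick" stops evaluation here, so these packets
# cannot reach the port forwards below. Drop this rule if the external
# interface itself sits on a private network.
block in quick on $ext_if inet from <rfc1918> to any

# Inbound NetBIOS: dropped quietly (no "log") to keep the log readable.
block in quick on $ext_if inet proto { tcp, udp } from any to any port { 137, 138, 139 }

# Port forwards. "flags S/SA" matches only packets with SYN set and ACK
# clear; "log" on a stateful rule records that state-creating packet.
pass in log on $ext_if inet proto tcp from any to ($ext_if) port 25 flags S/SA rdr-to $mail_srv
pass in log on $ext_if inet proto tcp from any to ($ext_if) port 80 flags S/SA rdr-to $web_srv
pass in log on $ext_if inet proto tcp from any to ($ext_if) port 22 flags S/SA rdr-to $ssh_srv

# Internal hosts may reach the firewall and go out through it.
pass in on $int_if inet from $int_net to any
pass out on $ext_if inet
```

A file like this can be syntax-checked without loading it using `pfctl -nf <file>`.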
