Giacomo Mulas <[EMAIL PROTECTED]> writes:
[...]
> This makes it a more powerful approach, even more unneeded rules can be
> pruned, and the ruleset is again simpler and easier to understand and
> maintain. But this implies running a 2.4.0-testX kernel, and I have had
> mixed (very good and very bad) experiences with it. As a rule of the
> thumb, I actually run 2.4.0-test10 on every computer on which it can
> successfully boot and run without errors for more than an hour, and it is
> apparently flawless, but on some PII boxen, for example, it kept giving
> fp_exception errors and killing processes, eventually causing a lot of
> damage. It did it immediately, though, so it was not a difficult problem
> to spot.

-test9 works flawlessly on my home firewall, the same setup on a
company firewall has cried twice "Aieee" on updating my homegrown
iptables package, but works otherwise fine. On my laptop only small
problems (once in a while pcmcia/eth0 is dead).

>
> To wrap it up, my "hands on" suggestion is:
>
> 1) if you want a rock stable firewall, go with kernel 2.2.x, spf and
> ipchains
>
> 2) if you can afford to test things a bit and to spend some time getting
> things to run smoothly, go with kernel 2.2.4.0-testx, with x>=10, and
> iptables.

You can get my (hopefully) improved Debian package for iptables 1.1.2
with debconf support from:

    deb http://ftp.linuxia.de/ftp/debian iptables main

Ciao
        Racke

--
LinuXia Systems && Cobolt NetServices, eCommerce and more
Shop and database solutions with MiniVend, Debian-based firewalls
http://www.linuxia.de - http://www.cobolt.net
--> Junior Officer of the MiniVend/Interchange Bug Patrol <---