Wow!!! I'm on the firewall mailing list (http://www.greatcircle.com) where they've been having a bit of a "discussion" about the pros/cons of using Linux as a firewall.

If you're interested, read on.... (I think Debian developers will get a bit of a kick regarding what is said about Slackware/RedHat/Debian developers in general - or, at least, what is implied....)

Anyone here care to comment?

Also, I'm not just posting this to start some type of flame war, etc. I've been considering building a commercial product based on Debian Linux - its features to include basic firewalling capabilities. So, I'd like to begin some discussion in this list on the merits of using Debian as a firewall - something beyond just IP Masquerading, etc.

Later,

Kevin Traas

-----Original Message-----
From: john <[EMAIL PROTECTED]>
To: Greg Whalin <[EMAIL PROTECTED]>
Cc: Firewall list <firewalls@GreatCircle.COM>
Date: Friday, October 31, 1997 10:08 AM
Subject: Re: Linux et al PFs

>I've been hit by about everything, from one time to another. Be it simple
>buffer overflows - SYN or Smurf attacks. And I've seen linux puke under
>conditions that BSD sailed right through. I think that speaks for itself.
>
>Linux isn't anything new to me. Aside from the old SysV/Xenix machines I
>used, it was my first "personal" unix. I have had a lot of experience with
>it in both firewalled and non-firewalled environments. It's a great
>personal work environment. It can't take high stress. I dare you to take a
>Linux 2.X kernel machine- and hit it hard, with a syn attack. It will
>puke, unless you have some serious CPU/Memory.
>
>I've seen attacks hit a FreeBSD 2.2.X machine running on a *486/33* that
>were correctly filtered and everything went on like normal. Similar
>attacks on a Pentium 133 we were using for testing (which now serves as a
>quake server) made it "Kernel Panic - AHHHIIIIEEE" in a matter of about 10
>minutes.
>
>Again, I'm only pointing out, it is just not a very suitable OS for large
>networks, or anything where you're really worried about security. I could
>name off about 10 different bugs - external, and internal, that is default
>with most Slackware/Redhat/Debian installations.
>
>The fact is: Linux is not designed by a group of people intent on making
>a secure OS. It's hacked together, and there is always some new problem
>with it. Be that security holes, kernel bugs, etc.
>
>I'd rather place my bets with something time-tested, and worked on by a
>set group of experienced individuals.
>
>On Fri, 31 Oct 1997, Greg Whalin wrote:
>
>> OK, fine, I can accept that this is your opinion. Unfortunately,
>> platforms adequate for firewall use should not be based upon opinion, but
>> on fact and/or example. What situations were you in when your system
>> "cracked". If you have a linux system that is cracking when put to the
>> test, then I question your ability to set up a "well configured, "stable"
>> machine". As I have stated, I use several linux servers running on
>> (actual) well configured platforms as corporate firewall systems with
>> heavy network bandwidth demand. They perform brilliantly every time. I
>> have zero OS related crashes in over two years of uptime. In fact, the
>> only crashes I have handled are hardware related. I would venture a guess
>> as to say that your statements are biased, or uninformed, or quite simply
>> that you are not setting these systems up correctly.
>>
>> I am not here to say that linux is better than any BSD variant. In fact,
>> I am not even discussing any BSD OS. I am simply stating that your claims
>> as to the stability, reliability, and performance of linux as a viable
>> firewall platform are wrong and without any basis of fact or example.
>>
>> --------------------
>> Greg Whalin
>> [EMAIL PROTECTED]
>>
>> On Thu, 30 Oct 1997, john wrote:
>>
>> > Actually, I'm on a Linux 2.0.30 machine right now. I've run linux since
>> > near its inception and I can say it's a nice OS, for a developer. I've
>> > seen it put to the test - and granted - it sometimes runs ok, but far more
>> > times I've seen it croak and die, on well configured, "stable" machines..
>> >
>> > I've been running FreeBSD for all of my commercial applications, be they
>> > serving webpages, or firewalling, and I've been much more impressed with
>> > its stability, sense of security, and in some respects, its performance.
>> >
>> > If I was to ever consider using either of them for something that needed
>> > to be protected, I would choose FreeBSD - no questions asked.
>> >
>> > But I will always love Linux for my home masquerading setup :)
>> >
>> > Not saying one is necessarily better than the other, they both have their
>> > applications. But for firewalling, and packet filtering, BSD definitely has
>> > the edge. In my opinion.
>> >
>> >
>> > On Thu, 30 Oct 1997, Joe Klemmer wrote:
>> >
>> > > On Thu, 30 Oct 1997, john wrote:
>> > >
>> > > > In my experience... with the free OS's, this is what I have to say:
>> > > >
>> > > > Linux is good for low bandwidth situations where setup time is a concern,
>> > > > and reliability isn't an absolute necessity.
>> > > >
>> > > > FreeBSD/OpenBSD/NetBSD etc has proven to generally be reliable in
>> > > > high-stress conditions, but isn't quite as easy to setup.
>> > >
>> > > It must have been a long time since you've looked at Linux, then.
>> > > Its current state is equal or better at networking than the BSD's.
>> > >
>> > > ---
>> > > Microsoft is not the answer. | In a World Without Fences,
>> > > Microsoft is the question,   | Who Needs Gates?
>> > > NO is the answer.            | Linux - http://www.linux.org