On Tue, Jan 01, 2002, Penguin wrote: > Debian website says 2.4 is not really mature enough yet, does this mean > mature enough security wise also? > > I am trying to figure out what kernel I should use, for the next 6 months at > least anyway. Security is my main objective, most other things can go to the > wall if they conflict. > > But I would like my Nvidia card to work with a 2.2 kernel, and I would like > to be able to use cdrecord/xcd-roast, and other goodies too. I need to be > able to run XFree 4.1. I would like to be able to have sound, using a > SoundBlaster 128 Live card. > > I would prefer iptables, since I know it has a LOG option to record all > incoming and outgoing like a packet sniffer for my modem dialup connection - > does ipchains with the 2.2 kernel have a comparable option? I want to see if > when I log into my POP3 server if my user and pass is sent in clear, etc etc. > I want to see everything passing on the wire. > > Can I use iptables with a 2.2 kernel? > > Given that I am super paranoid, maybe my old Debian 2.2r2 Potato is the best > bet for me. Is there any reason why I may not be able to upgrade X to XFree > 4.1 with this version of Potato?
If you're superparanoid (as you put it), I would suggest getting an old PC (maybe a Pentium, which can easily be had for <$100), and making a dedicated box to serve as a firewall between your workstation and the wild internet (also could nicely double doing impasqing if you have multiple other boxes). On that I'd put either 2.2.20 with ipchains (since it's more mature), 2.4.17 with iptables (easier to configure secure firewall scripts than ipchains, IMHO), or OpenBSD. Even better, maybe, (though I have zero personal experience with the following), might be a linux firewall-specific distribution, such as: Linux Router: www.linuxrouter.org Smoothwall: www.smoothwall.org Gibraltar: gibraltar.vianova.at (which is based upon Debian) Hope this helps and happy new year! -Daniel > Thanks :) > > -- > Penguin > [EMAIL PROTECTED] > > "Girls are for pleasure; boys are for ecstasy." -- Daniel A. Freedman Laboratory for Atomic and Solid State Physics Department of Physics Cornell University
