From owner-freebsd-chat Fri Jan 18 0:29:11 2002 Delivered-To: freebsd-chat@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-131.dsl.lsan03.pacbell.net [63.207.60.131]) by hub.freebsd.org (Postfix) with ESMTP id 8B5B937B419 for ; Fri, 18 Jan 2002 00:29:08 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id BB03B66E1C; Fri, 18 Jan 2002 00:29:07 -0800 (PST) Date: Fri, 18 Jan 2002 00:29:07 -0800 From: Kris Kennaway To: Nathan Mace Cc: freebsd-chat@FreeBSD.ORG Subject: Re: A CDROM based firewall----Which Os do i use? Message-ID: <20020118002906.A27775@xor.obsecurity.org> References: <200201172324.SAA04174@uce55.uchaswv.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="WIyZ46R2i8wDzkSu" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200201172324.SAA04174@uce55.uchaswv.edu>; from nmace85@yahoo.com on Thu, Jan 17, 2002 at 06:22:01PM -0500 Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jan 17, 2002 at 06:22:01PM -0500, Nathan Mace wrote: > for those of you interested, what OS do you recommend as a good starting= =20 > point for a bootable, CDROM based firewall. seeing as how this is=20 > freebsd-chat the obvious choice would be Freebsd. However seeing as a=20 > firewall needs to be secure as possible, wouldn't Openbsd make better sen= se? =20 I don't really understand the mentality of "It's a firewall, so we want it to be as secure as possible, so that means we should use OpenBSD". If you want to use some feature of OpenBSD then fine, but the track record of OpenBSD with respect to remote holes is no better than FreeBSD, if you actually look at it. Until recently OpenBSD even used the same firewall package which is included in FreeBSD (then they rewrote it from scratch :-). Since you're building a firewall, and that means you have to configure it by hand according to your security policy, you can make just as much of a security mess in either OS :-) Kris --WIyZ46R2i8wDzkSu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8R9zSWry0BWjoQKURApCNAJ40JXN02rFy6fQzPpA99m4ILhev0ACfbR9S qQYhg6h48KliYVkjnIepZrg= =jva+ -----END PGP SIGNATURE----- --WIyZ46R2i8wDzkSu-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message