Date: Sat, 5 Oct 2002 08:55:03 +0200 (CEST) From: Oliver Fromme <olli@secnetix.de> To: freebsd-stable@FreeBSD.ORG Subject: Re: small install Message-ID: <200210050655.g956t3Mp091313@lurza.secnetix.de> In-Reply-To: <3D9E1B8A.9080709@tenebras.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Michael Sierchio <kudzu@tenebras.com> wrote: > If you're doing IPSec or PPTP or any VPN you may want OpenSSL, Not necessarily. > since it's the source of the crypto libs, and hardware support > for the vpn card is available via Sam Leffler's OpenBSD /dev/crypto Work has been done to port that to FreeBSD as well. From the latest status report: <quote> Import of this work into the -current tree has started. A publicly available patch against 4.7 will be released once 4.7 ships. Integration of this work into the -stable source tree is planned for 4.8. </quote> > I question whether you'd want any compiler at all on a firewall... Depends. From a security point of view, I think it doesn't matter (some people have a different opinion, so YMMV). But it can save quite a lot of space, so it can be a good idea if you're tight. On my own embedded system (not a firewall, though) I have removed the compiler toolchain, all static libraries, perl and a few other things that weren't needed. All of that for space reasons, because the machine boots from a 48 MB compactflash card. I got the size of the system down to 32 MB, even though I installed quite a few "convenience" tools (a non-standard editor, my favourite shell [zsh], lsof, strace, cpdup and a bunch of other must-have tools, as well as OSS which accounts for another 3 MB). Here's a "du -k" of mine, for comparison: http://www.secnetix.de/~olli/cantaro/du-k.txt Regards Oliver -- Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "All that we see or seem is just a dream within a dream" (E. A. Poe) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210050655.g956t3Mp091313>