From: Oliver Fromme
To: freebsd-stable@FreeBSD.ORG
Date: Sat, 5 Oct 2002 08:55:03 +0200 (CEST)
Subject: Re: small install
Message-Id: <200210050655.g956t3Mp091313@lurza.secnetix.de>
In-Reply-To: <3D9E1B8A.9080709@tenebras.com>

Michael Sierchio wrote:
> If you're doing IPSec or PPTP or any VPN you may want OpenSSL,

Not necessarily.

> since it's the source of the crypto libs, and hardware support
> for the vpn card is available via Sam Leffler's OpenBSD /dev/crypto

Work has been done to port that to FreeBSD as well.
From the latest status report:

    Import of this work into the -current tree has started.
    A publicly available patch against 4.7 will be released
    once 4.7 ships. Integration of this work into the -stable
    source tree is planned for 4.8.

> I question whether you'd want any compiler at all on a firewall...

Depends. From a security point of view, I think it doesn't
matter (some people have a different opinion, so YMMV).
But it can save quite a lot of space, so it can be a good
idea if you're tight.

On my own embedded system (not a firewall, though) I have
removed the compiler toolchain, all static libraries, perl
and a few other things that weren't needed. All of that
for space reasons, because the machine boots from a 48 MB
compactflash card. I got the size of the system down to
32 MB, even though I installed quite a few "convenience"
tools (a non-standard editor, my favourite shell [zsh],
lsof, strace, cpdup and a bunch of other must-have tools,
as well as OSS which accounts for another 3 MB).

Here's a "du -k" of mine, for comparison:
http://www.secnetix.de/~olli/cantaro/du-k.txt

Regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"All that we see or seem is just a dream within a dream" (E. A. Poe)