From owner-freebsd-isp Wed Jun 30 8:18:39 1999 Delivered-To: freebsd-isp@freebsd.org Received: from uq.net.au (fox.uq.net.au [203.101.255.1]) by hub.freebsd.org (Postfix) with ESMTP id 41FE714C4F for ; Wed, 30 Jun 1999 08:18:32 -0700 (PDT) (envelope-from mynet@uq.net.au) Received: from uq.net.au (dyn-17-182.dialin.uq.net.au [203.100.17.182]) by uq.net.au (8.9.3/8.9.3) with ESMTP id AAA23373; Thu, 1 Jul 1999 00:42:11 +1000 (GMT+1000) Message-ID: <377A2CFC.8BF24208@uq.net.au> Date: Thu, 01 Jul 1999 00:43:08 +1000 From: Andrew X-Mailer: Mozilla 4.61 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Stuart Henderson Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Using one FreeBSD box as router/firewall/vpn References: <009901bec1a4$a15ee260$3d94cbc1@oemcomputer> <3778ABCB.73728DE2@eclipse.net.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Some people would say OpenBSD is more secure - But that is another argument alltogther and it all come down to how people setup their systems. A novel idea though that I have seen done is burning the whole OS to a bootable CD-rom. The great thing is you have no danger of the HD crashing and even if someone finds a way in theres not a much they can do that a reboot wont fix ;) You would need to update the CD as important bugfixes/new releases came out but blank CD's are cheap. Andrew Stuart Henderson wrote: > > Using Linux as a firewall is madness, FreeBSD is MUCH more secure, > > don't forget there are other choices too :) FreeBSD security can > be hardened significantly by running with securelevel set and using > chflags schg to secure critical binaries. That way you have to > restart in single-user mode to make any alterations. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message