Re: Create a canned 'Firewall Build' or RFHH



I was going to just drop this thread, but John made some 
excellent points, so I'm picking it up again.

On 25 Feb 2002 at 16:33, John R. S. Mascio wrote:

> A good canned firewall that addresses a specific need is a good thing.

Amen!

> With 1,000's of practices in Dallas, TX alone, there are not enough
> System Managers or Security Experts to go around.  If a medical
> practice has to develop the expertise to build a firewall from
> scratch, it will never happen.  If those of us in the field can build
> a good tool for them to use, with some minimal time/input from us, we
> have done something beneficial.  

Agree 100% ... but it's not just the medical business.  It's 
any business with Internet connections.

> I decided to go with OpenBSD because of its reputation for keeping
> security in mind. So far, I've seen the OpenBSD community would rather
> keep to themselves and require everyone to have to be an expert in
> OpenBSD to use it, than share their knowledge to create tools for
> those who know less but have just as strong a need for security.  If
> that is the case, I'll find a different place to solve this problem...

There is no other official OpenBSD list that addresses this.  
Advocacy is about promoting its use, but not about how to do 
things.  Ports is about Ports, not configuring the base OS.  
There is no "newbies" list for people like John (and me -- 
although I've been using it for over a year [just checked and 
uptime on web.geoapps.com, my OpenBSD web server, is now "365 
days" :-)], I'm still a newbie).

> If you want to flame me, see my email address below.

Me, too.

> I'll get off my soapbox now...

This is the "misc" list, right?  Where else should we discuss 
firewalls based on OpenBSD?  

Perhaps there needs to be a separate official (@openbsd.org) 
"Firewalls" list.  Security is a primary raison d'être for 
OpenBSD, and a firewall *_requires_* a secure OS.  The two are 
made for each other, and I'm surprised there isn't already 
such a list.

For now the obsdwall list is carrying the traffic, but I think 
this is a market niche that none of the other freenixen 
(FreeBSD, NetBSD, Linux) is addressing adequately.  And given 
OpenBSD's audited code, why would *_anyone_* base a firewall 
on an unaudited codebase UNLESS it's easy to set up?  

I get security advisories on freebsd-announce at least several 
times a month (they're up to 02:12 so far this year), and 
SecurityFocus and other security sites have Linux security 
issues quite frequently.  While none of these may affect my 
firewall, I'd have to keep up with them nonetheless, which is 
why I, and John, and (based on the length of this thread and 
the fact that it spun off another list) others think an 
easy-to-set-up, secure firewall package for OpenBSD is a Good Idea ....


---------------------------------------------------------
Angus Scott-Fleming              GeoApps, Tucson, Arizona
angussf@geoapps.com   1-520-290-5038 / fax 1-208-248-3124
---------------------------------------------------------

  "Those who would give up essential Liberty, to purchase a 
   little temporary safety, deserve neither Liberty nor 
   safety." 
       - Benjamin Franklin