On 29.06.2015 at 15:46, Sorin Srbu sorin.srbu@orgfarm.uu.se wrote:
Please note: I'm not criticizing, just curious about the argument behind using a regular OS to do firewall-stuff.
Maintenance.
A consistent set of expectations does wonders for debugging odd-ball occurrences. Why learn the idiosyncrasies of two distros when one suffices?
Just start with a minimal CentOS install on your router/gateway and add only the packages that you know that you need. Any critical omission will evidence itself in short order and can be added then; or the source of the need removed as circumstance warrants.
Sorry for OT.
Even considering a minimal CentOS install, is that still less minimal than e.g. Smoothwall or Ipcop? In my world, security has a price, and that might be the need to learn another distro in order to minimize security issues (and maybe as in this case minimize attack-surfaces).
Still just curious about the arguments pro/con regular OS:s as firewall. 8-)
+1 - we use here for "all" the same distro because normally the most security holes are done by the configuration abilities of humans. To catch this effectively the distro is not a variable. Therefore I appreciate the great work of the "CentOS on ARM7"-team!
-- LF