Am 29.06.2015 um 15:46 schrieb Sorin Srbu <sorin.srbu at orgfarm.uu.se>: >> >>> Please note: I'm not criticizing, just curious about the argument >>> behind using a regular OS to do firewall-stuff. >>> >> >> Maintenance. >> >> A consistent set of expectations does wonders for debugging odd-ball >> occurrences. Why learn the idiosyncrasies of two distros when one > suffices? >> Just start with a minimal CentOS install on your router/gateway and add > only >> the packages that you know that you need. >> Any critical omission will evidence itself in short order and can be added > then; >> or the source of the need removed as circumstance warrants. > > Sorry for OT. > > Even considering a minimal CentOS install, is that still less minimal than > e.g. Smoothwall or Ipcop? > In my world, security has a price and, and that might be the need to learn > another distro in order to minimize security issues (and maybe as in this > case minimize attack-surfaces). > > Still just curious about the arguments pro/con regular OS:s as firewall. 8-) +1 - we use here for "all" the same distro because normally the most security holes are done by the configuration abilities of humans. to catch this effectively the distro is not a variable. Therefore I appreciate the great work of the "CentOS on ARM7"-team! -- LF