On Sunday, 3 February 2019 7:58:35 ACDT Dave Howorth wrote:
> I've been thinking about security a bit. Most of my home security depends on my ADSL router and especially on the NAT it provides. Now I could try to harden every machine on my network, which I admit would be best practice, but (a) I'm lazy and (b) I've got little control over some of the devices on the network. So I've been wondering about putting another dedicated machine in between my router and my network to make it harder to penetrate. My router also provides my WAN, FWIW.
>
> Is this at all sane? Would openSUSE make a good basis for the machine? What software would I need to run on it? What hardware power would I need?
>
> TIA, Dave

It certainly could be done using openSUSE, but that might be a little like using a sledgehammer to crack a walnut. My personal preference would be to use a dedicated firewall distro like pfSense or IPFire on a relatively low-cost machine with 2 ethernet ports. Both work well, both are relatively easy to configure. I've played with both as VMs on VirtualBox and both work well, but my personal preference is pfSense.

I don't know enough about configuring the SUSE firewall via YaST. Iptables is used behind the scenes on most (if not all) of the dedicated firewall distros anyway, it's just that they provide a nice, relatively easy-to-understand user interface for configuration, monitoring and management, but apart from that they probably don't do anything that you couldn't do yourself using openSUSE and iptables, as long as you're prepared to get down'n'dirty with the configuration files and installing the appropriate packages to achieve what you want to achieve.

Regards,
Rodney.

--
Rodney Baker VK5ZTV
rodney.baker@iinet.net.au
CCNA #CSCO12880208