John wrote:
I've no Idea why some one would think that windoze is going to provide a better firewall. Maybe you think linux based "hard" firewalls have kde etc in them. They just contain what's needed and some propriatry code.
On linux I think that one of the problems is that setting up a firewall is a bit obtuse unless one is very much into linux itself. There is a program that can help a lot with that aspect - guarddog. Personally I think it should be in all distro's. At one point it was going to be included in KDE but for some reason that didn't happen. It works on an allow basis the default being deny. At least this way you can be sure of just what services are allowed and the user interface is as simple as it can be.
There is also much info about on the web about making up a secure linux server that in real terms just behaves like a router. Almost any old pc will do. No monitor etc just what is needed to do the job. That's part of the problem many linux facilities tend to be rather complex and will do all sorts of things that many people don't want them to do - especially remotely. If the software isn't there it can't be run. That's a much safer solution than trying to disable it. It can't be exploited if it isn't there. BSD may be the best bet in that area.
John
I have "rolled my own" Linux firewalls for years now. Originally, it was Slackware on a 486, but my current one is a PIII & SUSE 10.0. I plan to upgrade to 10.3 in the near future. I like to install one version back from the current release, so most of the bugs will be out of it and then upgrade again, when support runs out. One thing I have, which I haven't seen in any consumer level firewall, is a 3rd port, where I connect my WiFi access, so that it's not directly connected to either my home network or the internet. Such a thing is certainly possible in commercial quality routers, but they're also a lot more expensive. I did it that way, so that even if someone manages to break WPA, they're still outside my firewall and need SSH or OpenVPN to reach my network. Also, SSH on my firewall is configured to use a key only and won't allow password access. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org