Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
RE: [suse-security] Kernel-Version
  • From: Boris Lorenz <bolo@xxxxxxx>
  • Date: Tue, 29 Jan 2002 12:56:01 +0100 (CET)
  • Message-id: <XFMail.020129125601.bolo@xxxxxxx>

On 28-Jan-02 Hirsch Wolfgang wrote:
> Hi all,
> which kernel-version should I take for my firewall box?

Conservatively spoken, I would recommend the latest 2.2 kernel and a decent
ipchains firewalling setup, on a striped-down firewall host with a monolithic
(i. e. non-modular) kernel and only the necessary software packages installed.
This would result in a sturdy firewall host, with a set of well-known, very
stable and security-tested apps and tools.

However, the 2.4 kernels and the new firewalling user-space tool iptables are
more flexible and support setting up more complex security scenarios, which may
be important for you if you plan to extend your network(s) in the near future.

You should take a look at ipchains' and iptables' features and the
implementation of the two programs into their respective kernel trees (2.2. and
2.4.) before making your final decision.

> greetings
> Wolfgang

Boris Lorenz <bolo@xxxxxxx>

< Previous Next >