On Sat, 27 Feb 2016 12:15:21 -0300
Renaud (Ron) OLGIATI <ren...@olgiati-in-paraguay.org> wrote:

> On Sat, 27 Feb 2016 15:22:09 +0100
> heqamilus <heqami...@runbox.com> wrote:
> 
> > I know that it is possible to build a firewall using Debian.
> 
> It is possible, but why go to the bother when you have dedicated 
> distributions like IPCop that come ready to go, and are by design more secure 
> than a specially-configured Debian will be.

Please. "Out-of-the-box" IPCop (version 2.1.8, which I just grabbed from
SourceForge) does have:

1) No meaningful DNSSEC capability.

2) Presence of libfontconfig.so *and* fonts for no good reason.

3) A bunch of questionable-quality root-owned SUID binaries
in /usr/local/bin, intended to be called from the Web interface.

4) Lack of any pre-installed IDS.

5) An outdated 3.4 kernel, configured *without* SELinux, AppArmor or
TOMOYO support.


Oh, did I mention that the *primary* download mirror for this distribution
is SourceForge?

IPCop can be an interesting solution for a host on an internal network,
which nobody intends to poke, but suggesting putting *this* to serve
as a firewall from the Internet is a joke.

Reco