If the code I'm reading, 1.1.88, is actually what is in use, then Linux
should be LAST on your list of operating systems to use for a firewall,
ipfw or no. It would be trivial for a "bad" IP packet to cause a Linux
kernel numerous problems. All sorts of things are done in the wrong
order (assuming BSD is more correct) and various sanity checks on incoming
packets are not performed. This is just from reading their code in the
last 5 mins, with NetBSD in another window on the right, and comparing
the two, seeing what does and doesn't get done. That or the BSD code is
more paranoid about what it does and trusts, which isn't an altogether
bad thing.
Just thought I'd let some of you know as I've seen a few people ask
about using it as a firewall.
Cheers,
Darren