>From: Darren Reed <avalon @
>Date: Fri, 24 Feb 1995 19:01:38 +1100 (EDT)
>Subject: Using Linux for a firewall.
>If the code I'm reading, 1.1.88, is actually what is in use, then Linux
>should be LAST on your list of operating systems to use for a firewall,
>ipfw or no...
I'd have to concur. I went through several versions of the Linux IP
stack with some similar uses in mind, and I was appalled at the state
of the implementation. To give credit where credit is due, the
implementors did a credible job for a development from scratch, but
one of the great things about the technology industry is the ability
to learn from years of others' mistakes.
I understand the desire to get "something out there", quickly, and
free of political/commercial restraints. I do not understand the gross
omissions in the implementation with regard to sequence number
generation, option handling, bounds checking, size checking, and
several other areas. It's one thing to be proud of doing it yourself,
but another completely to resist looking at what has worked in the
I'd strongly argue against using it as a platform for any
mission-critical networking job, _especially_ those involving
Bob Stratton Security Products and Services Manager
UUNET Technologies, Inc. strat @
3060 Williams Drive Voice) +1 703 206 5600
Fairfax, Virginia 22031 Fax) +1 703 641 7704