> You asked "Wouldn't AIX be a good OS choice for a Unix-based firewall?"
> (This is one question out of a 3 paragraph note, but it caught my eye)
> I have the misfortune to use AIX for a UNIX based firewall. But I won't
> do so again. I keep running into flaws in networking and authentication
> that drive me crazy. The AIX login.cfg auth1 and auth2 facilities look
> like great stuff, but are broken in practice. This and other facilities
> are poorly documented.
> No, I don't think AIX is a good OS choice for a UNIX based firewall.
> (Want to see my scars?)
> (OK, my next generation will be BSDI, or Plan9 -- what about Amoeba?)
Sorry to hear this. I use an rs6000 with TIS for our firewall. There is
a trick to using AIX. We have an advantage in that we have ALOT of rs6000's
that we were able to find a 'stable' release of aix with. IBM is known
for a 'patch hell' where every patch that you install breaks something else.
And the 'patch' is normally between 100-200 MB on a tape. If you are
careful and know how to do it, the patch can usually be reduced to about
20-30 MB each. (Very painful!)
In addition, for better or worse, IBM has chosen to make AIX completely
different to administer from any other unix I know of. Before you decide
to start any mission critical operation, make SURE you know how to admin
the system you are using, regardless of whose it is.
My real point is here that if you don't know the system
from the admin point VERY well, learn it before you try to impliment
a firewall with it.
Grover C. Davidson II | I speak for ME! This is my machine, and my
828 Fall Crown Ln | ideas. My employer doen't pay for my machine
Fenton, Mo 63026 | or ask for my opinions.