From cdf.toronto.edu!apark Wed Jul 24 11:12:39 2002
Date: Wed, 24 Jul 2002 11:10:29 -0400
From: Andrew Park
To: "Wilfred L. Camilleri, CISSP"
Cc: UT Admins
Subject: RE: [Fwd: Re: Something to cheer you up while fighting the spam :-)]
Message-ID:

Just wondering... Is the Open Source firewall section incomplete or
is CNS only willing to advocate BSD based Open Source firewall?
The reason why I ask, is that I think it'd be a shame to ignore
wonderful resource like Linux and its capability as firewall.
(I know the OS war will never take anyone anywhere, but please keep
this thread OS-war-SAFE). Also adding Linux based solution included
on the website will increase the site's usefulness. I am quite sure that
there are people out there who want to know about Linux firewalls.

Also another thing I note was the minimum hardware requirements.
It says

    Pentium II,
    with 64 Mb of RAM,
    a 5Gb hard drive,
    and 2 PCI NICs; in addition,

this seems a bit of an overkill. Many Linux/BSD gurus out there would
confirm that one can manage minimum installation well under 500M
and also that they are happily running their home network firewalls
on their old 386s. :)

Thanks

On Wed, 24 Jul 2002, Wilfred L. Camilleri, CISSP wrote:

> FYI
>
> CNS is working on a "Best Practices" document as well as
> a web page dedicated to InfoSec. The web page will include
> "Best Practices", information about the Open Source Firewall,
> information about viruses and other malicious code, etc.
>
> Although the site is not quite ready for "prime time" you may want
> to have a look at it and send comments/suggestions to me.
>
> http://cns.utoronto.ca/UTORprotect
>
> Cheers,
> Wilfred

Andrew Park
________________________________________________________________________
CDFlab Systems Administrator www.cdf.utoronto.ca |
GnuPG Signature www.cdf.utoronto.ca/~apark/public_key.txt |
------------------------------------------------------------------------

From cns.utoronto.ca!pkern Wed Jul 24 16:52:36 2002
From: P Kern
To: apark@cdf.toronto.edu
Subject: Re: Open Source firewall webpage (was "RE: [Fwd: Re: Something to cheer ...")
Cc: ut-admins@cns.utoronto.ca
In-Reply-To:
Message-Id: <02Jul24.165041edt.444742@rodent.utcs.utoronto.ca>
Date: Wed, 24 Jul 2002 16:50:36 -0400

>From: Andrew Park
>Date: Wed, 24 Jul 2002 11:10:29 -0400
>
> Just wondering... Is the Open Source firewall section incomplete or
> is CNS only willing to advocate BSD based Open Source firewall?
> The reason why I ask, is that I think it'd be a shame to ignore
> wonderful resource like Linux and its capability as firewall.
> (I know the OS war will never take anyone anywhere, but please keep
> this thread OS-war-SAFE). Also adding Linux based solution included
> on the website will increase the site's usefulness. I am quite sure that
> there are people out there who want to know about Linux firewalls.

Hi.

CNS is not advocating any particular platform. The Open Source
firewall (see ftp://cns.utoronto.ca/pub/filbert) is not being offered
as the definitive last word in open-source firewalls. It's offered as
the result of collected experience with our own firewalls (which
predates the Linux explosion). It includes a screen-oriented menu
interface to try to make it easier to administer for those not
normally dabbling with the "free" OSes.

In other words it's being offered in this manner ...

    Here, this is what we're using. You're welcome to it.
    If you can use it - great, we'd love to hear from you.
    If not - well, good luck in your search and we'd still
    like to hear from you.

If you're adamant about using Linux, then obviously this is not the
package for you. But note that this package is designed so that once
it is installed, firewalling is the only function performed by the
system. So with the included admin interface this means that
interaction with the underlying OS is kept to a minimum.

Or if you're so inclined, since the source for everything is included
in the package, then you're welcome to port it to any other UNIX-like
platform (yeah, sure. like that'll happen :-).

Yes, we could add information about other firewalls based on free
OSes, but doing anything beyond mentioning the possibility would end
up being a poor imitation of going to Google and typing "linux
firewall".

What we could do is collect URLs and opinions about the various types
of firewalls which are currently being used on campus. If you'd like
to contribute this type of information, feel free to send an email to
"filbert@cns.utoronto.ca" and we'll add that information alongside
the firewall package.

> Also another thing I note was the minimum hardware requirements.
> It says
>
>     Pentium II,
>     with 64 Mb of RAM,
>     a 5Gb hard drive,
>     and 2 PCI NICs; in addition,
>
> this seems a bit of an overkill. Many Linux/BSD gurus out there would
> confirm that one can manage minimum installation well under 500M
> and also that they are happily running their home network firewalls
> on their old 386s. :)

Yup, the word "requirements" is a bit strong. The word
"recommendations" would have been better suited.

Having said that, the Open Source firewall package was originally meant
as a robust and inexpensive alternative for those groups and departments
on campus who needed firewalls but who didn't want to spend too much
manpower and/or money to get one up and running. So while ancient
hardware might be suitable for use at home, it's not something which
we could recommend be used to guard a group or a department on campus.

Note that when this firewall is installed, it occupies around 300Mb
(this includes the firewall admin package and the operating system).
The rest of the disk space is meant to allow room for storing log
files. At the original time of writing, 5Gb seemed to be almost the
smallest size for "new" disks available from the stores just down the
street.

Hope this helps.
pk.

From utzoo!henry Wed Jul 24 20:05:35 2002
Date: Wed, 24 Jul 2002 20:03:40 -0400
From: Henry Spencer
To: UofT Sysadmins
Subject: Re: Open Source firewall webpage (was "RE: [Fwd: Re: Something to cheer ...")
In-Reply-To: <02Jul24.165041edt.444742@rodent.utcs.utoronto.ca>
Message-ID:

On Wed, 24 Jul 2002, P Kern wrote:
> Having said that, the Open Source firewall package was originally meant
> as a robust and inexpensive alternative for those groups and departments
> on campus who needed firewalls but who didn't want to spend too much
> manpower and/or money to get one up and running...

A reasonable idea, but in that case, you should also tell people that
they should spend a few extra dollars to get a top-notch motherboard
and power supply. Better a 16MB K6-233 on a Tyan motherboard with an
Antec case and power supply, than a 256MB P4-1.6 on whatever garbage
motherboard and box Cheapie Computers on College St. has kicking
around the back room.

The reason not to run ancient hardware is not that its CPU or memory
is old and tired, but that its power-supply fan bearings may be
equally old and tired. And if you buy from Cheapie Computers, your
brand-new hardware may be halfway to that state already.

Henry Spencer
henry@zoo.toronto.edu (henry@spsystems.net)