Shorewall & Smoothwall both - waste of cpu cycles?
I've got a Gentoo box running with Shorewall just fine, but I recently came across an old PIII that I decided to make into a dedicated firewall. I installed Smoothwall and now have that running. Is there any benefit to having Shorewall running on the green side? If there isn't then I will disable it to shut down a few processes. ;)
Is there any benefit to having Shorewall running on the green side?
Pro: Multi-level protection. The main firewall can be seen as a single point of failure in case of vulnerabilities, misconfiguration, etc., etc. Having a firewall per host allows for more fine-grained control, is more flexible just in case you want to test things out. Can also help curb the effects of LAN misuse/abuse (at least on mine).
Con: having to manage another set of FW rules. Well. That's a *huge* task, innit?..
If there isn't then I will disable it to shut down a few processes.
According to the site, Shorewall is just an iptables configuration utility. After the rules are set up Shorewall doesn't "run". If your boxen are capable and you're not DOSsing your own LAN you don't really waste CPU cycles.