> In addition to plain ole iptables masquerade, I'd personally
> install squid, ntp, and bind. You may as well use squid to
> get some benefit out of the 8 gig hard drive. "Obviously"
> you want to dpkg --purge telnetd, etc.

BIND has been statistically one of the largest *nix exploits. I would not recommend installing it on a firewall. While things have gotten better and there are useful security measures (chroot jails), it is not really worth putting on a firewall (which should be dedicated, hardened and standalone, imo).

Squid I agree with, if you want/need a caching proxy. If you have a fast connect or very few users, I'd say "Why bother?" Most places I know that use them, besides for legal and policy reasons, get most use out of them because users access the same content all the time (www.aol.com, www.yahoo.com, organization webpages).

- James

