a hardware or dedicated firewall box is much better, though it's still good to run a software firewall on the computers (layering is an excellent idea for security, just like it is for keeping warm, generally a hole in one layer is likely to be covered by another layer). you can use a iici or similar computer as a dedicated firewall with open bsd, which is very good about providing security patches etc. you just put 2 ethernet cards in the iici and load openbsd (minus the graphical interface and some other parts) and their firewall and you're set. believe it or not, this setup is more than fast enough to keep up with a cable modem (of course a slightly newer machine will also work). the openbsd firewall can also be used with 1 of 3 default security levels, or you can roll your own set of rules, from scratch or starting with on of the default rule sets.
i'll be doing this myself this summer (as a way to get into *nix and because the number of incursion attempts i see on my dialup connection is ridiculous, and large enough that some may well be aimed at macs) on my dialup line which will eventually be a cable modem eventually. the documentation on the openbsd sight is very good and there are good instructions for installing it. you can download openbsd or buy it on cd. of course buying a firewall box is simpler, but i think the openbsd firewall is more complete as well as being updated regularly. in any case, always keep up with the security patches, whether you get a hardware firewall or use a mac as a firewall (of course a "hardware firewall" is just a computer that's just running a firewall program, and some of them are in fact using openbsd and it's firewall!). if you do get a commercial hardware firewall, make sure it can be configured through a "net" interface, i.e. by your browser, and make sure the company provides good support for macs and pc's. i've found googling for reviews is a good idea before buying any hardware, and for something like a firewall there should be several reviews on the net. "T. Armstrong" wrote: --------- > So if OS X's built-in firewall settings are minimal, is a hardware router > the best addition to a home network? I have a few Macs right now on this > network. Each has a static IP provided by my ISP. The DSL connection is > shared through a 5-port ethernet switch. On the OS X machines I have all > the built-in firewall software enabled. My 9600 runs 9.1 with AppleTalk off > and FileSharing off. ---------- -- MacNetwork is sponsored by <http://lowendmac.com/> and... XRouter Pro | Share your DSL or cable modem between multiple computers! Dr. Bott | Only $199 <http://www.drbott.com/prod/MIH130.html> Support Low End Mac <http://lowendmac.com/lists/support.html> MacNetwork list info: <http://lowendmac.com/lists/macnet.html> --> AOL users, remove "mailto:"; end list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/macnetwork%40mail.maclaunch.com/> Using a Mac? Free email & more at Applelinks! http://www.applelinks.com
