[NTLUG:Discuss] Cd based Proxy/Firewall (again)

severian@pobox.com severian at pobox.com
Sat Jul 12 12:08:43 CDT 2003


Howdy,
   Neither smoothwall nor ipcop is CD bootable.  If you really want that 
feature, I can't offer firsthand advice.  I think that is a bad idea for a 
firewall.  I want to be able to configure aspects of the firewall, e.g. 
iptable rules, port access list, and cron entries for automatic up and down 
times.  I also want to be able to store lots of logs.  You need some 
storage media for that.  These two products are quick to install, and can be 
locked down pretty well.  That is why I suggested them.
   It is not that I don't see any value to what you want to do.  I can see 
how just rebooting would be a plus.  It just seems like you would have to 
give up too much to get it with products I am familiar with.  I don't claim 
to know all products, but I can talk about the ones I do know.  And I would 
love to see someone add to the discussion with other alternatives that I 
could learn about.
   Two other possibilities come to mind.  One is to try one of the floppy 
based firewalls like coyote linux.  You could make copies of the floppy and 
after a compromise just put a new one in.  I tried several about a year and 
a half ago and for my own use they were too limited.  But, they may be 
enough for you.
   The second is to install IPCOP, configure it and then make a backup 
which you could restore.  You would lose all your logs, but otherwise keep 
a good firewall.
Good luck,
Ralph

In response to the welcome remarks of Paul Drew at 11:12 AM 7/12/03 -0500:
>Howdy,
>I had been looking at them actually, but I didn't see anything about being 
>cd bootable, and allowing me that feature. One of our boxes was compromised




