[NTLUG:Discuss] Cd based Proxy/Firewall (again)
severian@pobox.com
severian at pobox.com
Sat Jul 12 12:08:43 CDT 2003
Howdy,
Neither smoothwall nor ipcop are CD bootable. If you really want that
feature, I can't offer firsthand advice. I think that is a bad idea for a
firewall. I want to be able to configure aspects of the firewall, e.g.
iptable rules, port access list, and cron entries for automatic up and down
times. I also want to be able to store lots of logs. You need some
storage media for that. These two products are quick to install, and can be
locked down pretty well. That is why I suggested them.
It is not that I don't see any value to what you want to do. I can see
how just rebooting would be a plus. It just seems like you would have to
give up too much to get it with products I am familiar with. I don't claim
to know all products, but I can talk about the ones I do know. And I would
love to see someone add to the discussion with other alternatives that I
could learn about.
Two other possibilities come to mind. One is to try one of the floppy
based firewalls like coyote linux. You could make copies of the floppy and
after a compromise just put a new one in. I tried several about a year and
a half ago and for my own use they were too limited. But, they may be
enough for you.
The second is to install IPCOP, configure it and then make a backup
which you could restore. You would lose all your logs, but otherwise keep
a good firewall.
Good luck,
Ralph
In response to the welcome remarks of Paul Drew at 11:12 AM 7/12/03 -0500:
>Howdy,
>I had been looking at them actually, but I didn't see anything about being
>cd bootable, and allowing me that feature. One of our boxes was compromised