[NTLUG:Discuss] Cd based Proxy/Firewall (again)
David
david at hayes-family.org
Tue Jul 15 00:50:22 CDT 2003
On Sat, Jul 12, 2003 at 05:56:18PM -0500, Paul Drew wrote:
> Hello again,
> Ya know what? I think you're probably right. With all the changes, and such
> that we would be wanting to make I don't think burning a ton of CDs is
> even the most optimal thing to go for. We would have to mail and instruct
> people how to change them out all the time, and it's just not practical
> since only 1 of the dozen or so machines would be in my location.

I've been thinking of doing this sort of thing by using the smallest
possible boot floppy, with an NFS root load. Just enough to get the
firewall going, then let it pick up whatever configurations it needs
from a central NFS server, mounting the server read-only.

With this sort of system, configuration changes don't involve any new
CD burns. And because it's all mounted RO (including the write-locked
boot floppy), there's no way for an invader who subverts the firewall
to do permanent damage.
--
David Hayes
david at hayes-family.org
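
Added example, not part of the original post: a shell check that audits a `/proc/mounts`-format table for the layout described above, flagging any writable mount that is not a RAM or pseudo filesystem and a root that is not on NFS. The server address, export path and both mount tables are constructed samples.

```shell
#!/bin/sh
# Added example: audit a /proc/mounts-format table read from stdin.
# Flags any writable mount that is not a RAM/pseudo filesystem, and
# checks that the real root filesystem is an NFS mount.

# Filesystem types whose contents do not survive a reboot.
VOLATILE="proc sysfs tmpfs devtmpfs devpts ramfs rootfs"

audit_mounts() {
    awk -v volatile="$VOLATILE" '
    BEGIN { n = split(volatile, v, " "); for (i = 1; i <= n; i++) skip[v[i]] = 1 }
    {
        mode = "rw"                      # assume writable unless "ro" is listed
        m = split($4, opts, ",")
        for (i = 1; i <= m; i++) if (opts[i] == "ro") mode = "ro"
        if ($2 == "/" && $3 != "rootfs") root_type = $3
        if (mode == "rw" && !($3 in skip)) {
            printf "WRITABLE %s on %s (%s)\n", $1, $2, $3
            bad = 1
        }
    }
    END {
        if (root_type !~ /^nfs/) { printf "ROOT_NOT_NFS %s\n", root_type; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: the layout the post describes (NFS root, read-only).
sample_good() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
192.0.2.10:/export/fwroot / nfs ro,vers=3,addr=192.0.2.10 0 0
proc /proc proc rw 0 0
tmpfs /var/run tmpfs rw,nosuid 0 0
EOF
}

# Constructed sample: same box with the root and the floppy left writable.
sample_bad() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
192.0.2.10:/export/fwroot / nfs rw,vers=3,addr=192.0.2.10 0 0
/dev/fd0 /boot vfat rw 0 0
proc /proc proc rw 0 0
EOF
}

sample_good | audit_mounts && echo "good sample: clean"
sample_bad | audit_mounts || echo "bad sample: findings above"
```

On a running firewall, feed it the live table with `audit_mounts < /proc/mounts`. The client-side `ro` flag only reflects how the client mounted the tree, so the export itself should also be read-only on the NFS server.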