Slashdot Mirror


Bootable CDROM-based Firewalls?

DNapalm asks: "I work at a small local ISP that is in desperate need of a firewall. We don't have much of a budget, so a hardware-based solution (which I'd prefer) really isn't an option. I've been searching around the web for firewall distributions, and I know what I am looking for. I'd like a boot CD (no install required, no filesystem hacking, just reboot) that stores the configuration on a floppy (that we can easily write protect). It should have a web interface and be able to log to a hard drive or some other machine. Some distributions I've found that seem close are Sentry Firewall, Devil-Linux, NetBoz, ClosedBSD, and Keeper Linux. Has anyone used these? Can you give recommendations? Any help would be appreciated."

5 of 50 comments

  1. LEAF by SIGBUS · Score: 4, Informative
    LEAF, with several versions, would be a good starting point. One variant in particular would be Dachstein-CD, which boots off a CD and uses a floppy to back up configuration changes. Note that the Dachstein releases are 2.2/ipchains-based, while Bering, which is floppy-based, is a 2.4/iptables system.

    I'm using a floppy-based Bering system where I work as a multi-ISP router/firewall, and it works quite well.

    --
    Oh, no! You have walked into the slavering fangs of a lurking grue!
  2. Dead site by SIGBUS · Score: 3, Informative

    The problem is, if you look at the linuxrouter.org main page, you'll find that the site hasn't been updated since May 3, 2001. Most LRP development these days is on the LEAF site.

    --
    Oh, no! You have walked into the slavering fangs of a lurking grue!
  3. SuSE Firewall by Khazunga · Score: 3, Informative
    You'll want your security advisories delivered to your doorstep, with quick and easy updates. If your time is worth a dime, go for a commercial distro. I'd use SuSE:

    http://www.suse.com/us/business/products/suse_business/firewall/index.html

    --
    If at first you don't succeed, skydiving is not for you
  4. Gibraltar by acaird · Score: 4, Informative

    Gibraltar is pretty much what you just described. It worked very well for me in the past, although it looks like development has slowed down (no updates, at least to the free version, in over a year).

    --
    Power corrupts. PowerPoint corrupts absolutely. E. Tufte
  5. Gnatbox by Wicked+Panda · Score: 2, Informative

    http://www.gta.com

    Simple floppy-based firewall, with GUI for those who want it. Easily configured, and rated highly by several publications. Logs via syslog to another system. Can do email and DNS proxying if you need it. Doesn't do CDROM, but you can do flash memory.

    Basically, a BSD-derived firewall that was split from the tree a few years ago. They have an active development effort, and sell commercial products just for your situation. Commercial versions of Gnatbox are not cheap, but there is a good installed base, and a good mailing list that will help with stuff.